commit fa5044f1e38f4f6515253449b6ca77fd14f53b8e
Author: Paul Eggert <eggert@cs.ucla.edu>
Date:   Wed Nov 24 14:16:09 2021 -0800
    regex: fix buffer read overrun in search [BZ#28470]
    
    Problem reported by Benno Schulenberg in:
    https://lists.gnu.org/r/bug-gnulib/2021-10/msg00035.html
    * posix/regexec.c (re_search_internal): Use better bounds check.
    
    (cherry picked from commit c52ef24829f95a819965214eeae28e3289a91a61)
diff --git a/posix/regexec.c b/posix/regexec.c
index 83e9aaf8cad956a2..6aeba3c0b4da23cc 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -758,10 +758,9 @@ re_search_internal (const regex_t *preg, const char *string, Idx length,
 
 		  offset = match_first - mctx.input.raw_mbs_idx;
 		}
-	      /* If MATCH_FIRST is out of the buffer, leave it as '\0'.
-		 Note that MATCH_FIRST must not be smaller than 0.  */
-	      ch = (match_first >= length
-		    ? 0 : re_string_byte_at (&mctx.input, offset));
+	      /* Use buffer byte if OFFSET is in buffer, otherwise '\0'.  */
+	      ch = (offset < mctx.input.valid_len
+		    ? re_string_byte_at (&mctx.input, offset) : 0);
 	      if (fastmap[ch])
 		break;
 	      match_first += incr;
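Review bot: The new guard `ch = (offset < mctx.input.valid_len ? re_string_byte_at (&mctx.input, offset) : 0);` checks only the upper bound, yet the deleted comment's second sentence recorded the lower-bound invariant ("MATCH_FIRST must not be smaller than 0") that the replacement comment drops; if Idx is a signed type, a negative OFFSET would pass the comparison and index before the buffer, so the invariant should stay documented next to the check. Suggested wording: `/* Use buffer byte if OFFSET is in buffer, otherwise '\0'.  OFFSET is nonnegative here, so only the upper bound needs checking.  */`. It would also help to state why valid_len rather than LENGTH is the right bound — presumably valid_len is the extent of the buffer re_string_byte_at actually reads and can be shorter than the raw string length, which is the substance of the BZ#28470 fix — since a future reader may otherwise revert to the shorter-looking LENGTH comparison. re_search_internal begins before this hunk, and the branch that computes OFFSET when the visible `if` at `offset = match_first - mctx.input.raw_mbs_idx;` is not taken is outside the hunk, so the nonnegativity claim should be confirmed against that code.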