snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity
void-packages/srcpkgs/glibc/patches/glibc-upstream-11.patch

82 lines
3.0 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 58559f14437d2aa71753a29fed435efa06aa4576 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 28 Aug 2018 21:54:28 +0200
Subject: [PATCH 11] regex: fix uninitialized memory access
I introduced this bug into gnulib in commit
8335a4d6c7b4448cd0bcb6d0bebf1d456bcfdb17 dated 2006-04-10;
eventually it was merged into glibc. The bug was found by
project-repo <bugs@feusi.co> and reported here:
https://lists.gnu.org/r/sed-devel/2018-08/msg00017.html
Diagnosis and draft fix reported by Assaf Gordon here:
https://lists.gnu.org/r/bug-gnulib/2018-08/msg00071.html
https://lists.gnu.org/r/bug-gnulib/2018-08/msg00142.html
* posix/regex_internal.c (build_wcs_upper_buffer):
Fix bug when mbrtowc returns 0.
(cherry picked from commit bc680b336971305cb39896b30d72dc7101b62242)
---
ChangeLog | 15 +++++++++++++++
NEWS | 1 +
posix/regex_internal.c | 4 ++--
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ef83777833..8625e6c9f5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+2018-08-25 Paul Eggert <eggert@cs.ucla.edu>
+
+ [BZ #23578]
+ regex: fix uninitialized memory access
+ I introduced this bug into gnulib in commit
+ 8335a4d6c7b4448cd0bcb6d0bebf1d456bcfdb17 dated 2006-04-10;
+ eventually it was merged into glibc. The bug was found by
+ project-repo <bugs@feusi.co> and reported here:
+ https://lists.gnu.org/r/sed-devel/2018-08/msg00017.html
+ Diagnosis and draft fix reported by Assaf Gordon here:
+ https://lists.gnu.org/r/bug-gnulib/2018-08/msg00071.html
+ https://lists.gnu.org/r/bug-gnulib/2018-08/msg00142.html
+ * posix/regex_internal.c (build_wcs_upper_buffer):
+ Fix bug when mbrtowc returns 0.
+
2018-08-27 Martin Kuchta <martin.kuchta@netapp.com>
Torvald Riegel <triegel@redhat.com>
diff --git a/NEWS b/NEWS
index 3073712cba..2855ffde58 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ The following bugs are resolved with this release:
[23497] readdir64@GLIBC_2.1 cannot parse the kernel directory stream
[23521] nss_files aliases database file stream leak
[23538] pthread_cond_broadcast: Fix waiters-after-spinning case
+ [23578] regex: Fix memory overread in re_compile_pattern
Version 2.28
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index 7f0083b918..b10588f1cc 100644
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -317,7 +317,7 @@ build_wcs_upper_buffer (re_string_t *pstr)
mbclen = __mbrtowc (&wc,
((const char *) pstr->raw_mbs + pstr->raw_mbs_idx
+ byte_idx), remain_len, &pstr->cur_state);
- if (BE (mbclen < (size_t) -2, 1))
+ if (BE (0 < mbclen && mbclen < (size_t) -2, 1))
{
wchar_t wcu = __towupper (wc);
if (wcu != wc)
@@ -386,7 +386,7 @@ build_wcs_upper_buffer (re_string_t *pstr)
else
p = (const char *) pstr->raw_mbs + pstr->raw_mbs_idx + src_idx;
mbclen = __mbrtowc (&wc, p, remain_len, &pstr->cur_state);
- if (BE (mbclen < (size_t) -2, 1))
+ if (BE (0 < mbclen && mbclen < (size_t) -2, 1))
{
wchar_t wcu = __towupper (wc);
if (wcu != wc)
Reference in New Issue View Git Blame Copy Permalink