From 1051177e3c202667889628fd73aee7c3b470f99d Mon Sep 17 00:00:00 2001
From: Jim Meyering
Date: Sat, 12 Jul 2014 16:33:49 -0700
Subject: [PATCH] regex: don't deref NULL upon heap allocation failure

* lib/regcomp.c (parse_dup_op): Handle duplicate_tree failure in one more place. To trigger the segfault, configure grep -with-included-regex, build it, and run these commands: ( ulimit -v 300000; echo a|src/grep -E a+++++++++++++++++++++ ) I discovered this while replying to a private report from Jens Schleusener about excessive memory consumption by grep when using a regular expression like the one above.
---
 ChangeLog | 12 ++++++++++++
 lib/regcomp.c | 2 ++
 2 files changed, 14 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 0a7b82f..8131fd1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2014-07-12 Jim Meyering
+
+ regex: don't deref NULL upon heap allocation failure
+ * lib/regcomp.c (parse_dup_op): Handle duplicate_tree
+ failure in one more place.
+ To trigger the segfault, configure grep -with-included-regex,
+ build it, and run these commands:
+ ( ulimit -v 300000; echo a|src/grep -E a+++++++++++++++++++++ )
+ I discovered this while replying to a private report from
+ Jens Schleusener about excessive memory consumption by grep
+ when using a regular expression like the one above.
+
 2014-07-11 Paul Eggert
 
 regex: fix memory leak in compiler
diff --git a/lib/regcomp.c b/lib/regcomp.c
index 44c6c5e..c306ffb 100644
--- a/lib/regcomp.c
+++ b/lib/regcomp.c
@@ -2635,6 +2635,8 @@ parse_dup_op (bin_tree_t *elem, re_string_t *regexp, re_dfa_t *dfa,
 
 /* Duplicate ELEM before it is marked optional. */
 elem = duplicate_tree (elem, dfa);
+ if (BE (elem == NULL, 0))
+ goto parse_dup_op_espace;
 old_tree = tree;
 }
 else
-- 
2.0.0.421.g786a89d
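Review bot: The new NULL guard after `elem = duplicate_tree (elem, dfa);` in the lib/regcomp.c hunk deserves a comment of its own, because the preceding comment explains only why ELEM is duplicated, not why the failure path must be taken before `old_tree = tree;` and before the node is marked optional: `/* duplicate_tree allocates; on failure take the ESPACE exit rather than marking a NULL node optional.  */`. The hunk does not show what the `parse_dup_op_espace` label does with the partially built `tree`, so whether anything else must be released on this path cannot be confirmed from here and is worth a glance by the author. The commit carries no regression test; the reproducer in the description depends on a process memory limit, so a unit test that forces duplicate_tree to fail would pin this path more reliably. parse_dup_op begins and ends outside the hunk.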