Re: regex_internal: uninitialized memory access (long)

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: regex_internal: uninitialized memory access (long)

From:	Paul Eggert
Subject:	Re: regex_internal: uninitialized memory access (long)
Date:	Sat, 25 Aug 2018 00:46:51 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

Thanks for tracking this bug down. I introduced the bug in 2006 when I noticedthat the expression '(size_t) (mbclen + 2) > 2' can have undefined behavior on(admittedly unlikely) platforms where size_t is one bit narrower than int. (Suchplatforms have existed in the past - I even worked for a company that sold them!- though these days I expect they're rarely used.) I replaced the expressionwith 'mbclen < (size_t) -2' to avoid undefined behavior, but unfortunately myreplacement was incorrect as it is not equivalent when mbclen == 0.

Please try the attached gnulib patch, which should fix the problem in a portableway. Modern GCC optimizes the clear code just as well as the confusing code, sowe might as well write it clearly.

0001-regex-fix-uninitialized-memory-access.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

regex_internal: uninitialized memory access (long), Assaf Gordon, 2018/08/13
- Re: regex_internal: uninitialized memory access (long), Assaf Gordon, 2018/08/24
  - Re: regex_internal: uninitialized memory access (long), Paul Eggert <=
    - Re: regex_internal: uninitialized memory access (long), Assaf Gordon, 2018/08/25
    - Re: regex_internal: uninitialized memory access (long), Paul Eggert, 2018/08/25

Prev by Date: Re: regex_internal: uninitialized memory access (long)
Next by Date: Re: regex_internal: uninitialized memory access (long)
Previous by thread: Re: regex_internal: uninitialized memory access (long)
Next by thread: Re: regex_internal: uninitialized memory access (long)
Index(es):
- Date
- Thread