
Re: regex_internal: uninitialized memory access (long)

From: Paul Eggert
Subject: Re: regex_internal: uninitialized memory access (long)
Date: Sat, 25 Aug 2018 00:46:51 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

Thanks for tracking this bug down. I introduced the bug in 2006 when I noticed that the expression '(size_t) (mbclen + 2) > 2' can have undefined behavior on (admittedly unlikely) platforms where size_t is one bit narrower than int. (Such platforms have existed in the past - I even worked for a company that sold them! - though these days I expect they're rarely used.) I replaced the expression with 'mbclen < (size_t) -2' to avoid undefined behavior, but unfortunately my replacement was incorrect as it is not equivalent when mbclen == 0.

Please try the attached gnulib patch, which should fix the problem in a portable way. Modern GCC optimizes the clear code just as well as the confusing code, so we might as well write it clearly.

Attachment: 0001-regex-fix-uninitialized-memory-access.patch
Description: Text Data
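The three tests discussed in the message, placed side by side as an added example (this is not the attached gnulib patch and not code from regex_internal.c). It assumes the usual mbrtowc conventions the comparisons are written against: (size_t)-1 for an invalid sequence, (size_t)-2 for an incomplete one, and 0 for a null character. The "clear" form at the end is one plausible reading of the intent, an assumption, not a quote from the patch.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not gnulib code. The intent of all three tests is
   "mbrtowc consumed a real, non-null character", i.e. mbclen is none of
   0, (size_t)-1 and (size_t)-2. */

/* Pre-2006 form: well-defined wherever size_t is at least as wide as
   unsigned int. On a size_t narrower than int, mbclen + 2 promotes to int
   and can overflow, which is the undefined behavior the message mentions. */
static int original_test(size_t mbclen)
{
    return (size_t) (mbclen + 2) > 2;
}

/* The 2006 replacement: still rejects (size_t)-1 and (size_t)-2, but
   accepts mbclen == 0, which is exactly where it stops being equivalent. */
static int replacement_test(size_t mbclen)
{
    return mbclen < (size_t) -2;
}

/* One explicit way to say the same thing (assumption, not the patch):
   no promotion arithmetic, and 0 is excluded again. */
static int clear_test(size_t mbclen)
{
    return 0 < mbclen && mbclen < (size_t) -2;
}

/* Counts inputs on which the replacement disagrees with the original over a
   constructed sample set, reporting the first such input via *first. */
static size_t count_disagreements(size_t *first)
{
    const size_t samples[] = { 0, 1, 2, 3, 4, (size_t) -2, (size_t) -1 };
    size_t n = sizeof samples / sizeof samples[0], i, diffs = 0;
    for (i = 0; i < n; i++) {
        if (original_test(samples[i]) != replacement_test(samples[i])) {
            if (diffs == 0 && first)
                *first = samples[i];
            diffs++;
        }
    }
    return diffs;
}

int main(void)
{
    const size_t samples[] = { 0, 1, 2, 3, 4, (size_t) -2, (size_t) -1 };
    size_t n = sizeof samples / sizeof samples[0], i, first = 0;
    printf("%22s %8s %11s %5s\n", "mbclen", "original", "replacement", "clear");
    for (i = 0; i < n; i++)
        printf("%22zu %8d %11d %5d\n", samples[i], original_test(samples[i]),
               replacement_test(samples[i]), clear_test(samples[i]));
    printf("disagreements: %zu (first at mbclen == %zu)\n",
           count_disagreements(&first), first);
    return 0;
}
```

Run on any platform where size_t is at least as wide as int, the table shows the original and the clear form agreeing on every row while the replacement differs on exactly one: mbclen == 0, the null character case that led to the uninitialized memory access.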
