|
| From: | Paul Eggert |
| Subject: | Re: bug#32592: heap-use-after-free in regex module |
| Date: | Thu, 6 Sep 2018 00:18:18 -0700 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
Jim Meyering wrote:
I couldn't help but notice this nonsense right after the line
you inserted:
if (err == REG_NOMATCH)
continue;
}
That is an "if (...) continue;" just before the closing brace of a
for-loop. Those two lines constitute a no-op and should be removed,
though not as part of your change.
Actually I think the abovementioned code should be kept, and the nonsense comes from the fact that some code is missing after the "if". When err != REG_NOMATCH && err != REG_NOERROR, the function should exit the loop and return immediately, because there is a memory allocation error in a subroutine.
What a coincidence that we would find two bugs right next to each other, huh?...I filed a bug report against glibc, and unless there's an objection I would like to fix both bugs in glibc and propagate the fix into gnulib. Please see the glibc bug here:
https://sourceware.org/bugzilla/show_bug.cgi?id=23609
| [Prev in Thread] | Current Thread | [Next in Thread] |