Re: bug#32592: heap-use-after-free in regex module

From: Paul Eggert
Subject: Re: bug#32592: heap-use-after-free in regex module
Date: Thu, 6 Sep 2018 00:18:18 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

Jim Meyering wrote:
> I couldn't help but notice this nonsense right after the line
> you inserted:
>
>            if (err == REG_NOMATCH)
>
> That is an "if (...) continue;" just before the closing brace of a
> for-loop. Those two lines constitute a no-op and should be removed,
> though not as part of your change.

Actually I think the abovementioned code should be kept, and the nonsense comes from the fact that some code is missing after the "if". When err != REG_NOMATCH && err != REG_NOERROR, the function should exit the loop and return immediately, because there is a memory allocation error in a subroutine.

What a coincidence that we would find two bugs right next to each other, huh?...

I filed a bug report against glibc, and unless there's an objection I would like to fix both bugs in glibc and propagate the fix into gnulib. Please see the glibc bug here:
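
Added example, not part of the original message and not glibc or gnulib code: a minimal C model of the loop discussed above, showing how a trailing `if (err == REG_NOMATCH) continue;` lets a hard error go unreported, and how the check the message describes as missing stops the loop. The function names, the sample results and the local error-code enum are assumptions made for illustration.

```c
#include <stdio.h>

/* Local stand-ins for the regex error codes named in the message. */
enum { REG_NOERROR = 0, REG_NOMATCH = 1, REG_ESPACE = 12 };

/* Constructed sample: no match, then an allocation failure, then success. */
static const int SAMPLE[] = { REG_NOMATCH, REG_ESPACE, REG_NOERROR };

/* Hypothetical subroutine: returns the constructed result for candidate i. */
static int try_candidate(const int *results, int i) { return results[i]; }

/* Loop shaped like the quoted code: the "if" is the last statement. */
static int scan_as_quoted(const int *results, int n, int *visited)
{
    int err = REG_NOERROR;
    for (int i = 0; i < n; i++) {
        ++*visited;
        err = try_candidate(results, i);
        if (err == REG_NOMATCH)
            continue;               /* no-op: the loop body ends here anyway */
    }
    (void) err;                     /* the hard error is never reported */
    return REG_NOERROR;
}

/* Same loop with the check the message says is missing. */
static int scan_with_check(const int *results, int n, int *visited)
{
    for (int i = 0; i < n; i++) {
        ++*visited;
        int err = try_candidate(results, i);
        if (err == REG_NOMATCH)
            continue;               /* soft failure: try the next candidate */
        if (err != REG_NOERROR)
            return err;             /* hard failure: leave the loop at once */
    }
    return REG_NOERROR;
}

int main(void)
{
    int seen_a = 0, seen_b = 0;
    int a = scan_as_quoted(SAMPLE, 3, &seen_a);
    int b = scan_with_check(SAMPLE, 3, &seen_b);
    printf("as quoted:  err=%d after %d candidates\n", a, seen_a);
    printf("with check: err=%d after %d candidates\n", b, seen_b);
    return 0;
}
```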

