git: 619f455b8fc9 - main - regex: fix freeing g->charjump in low memory condition
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 02 Feb 2024 18:53:21 UTC
The branch main has been updated by imp:
URL: https://cgit.FreeBSD.org/src/commit/?id=619f455b8fc9d05b50822387d3203f74c86fcb5c
commit 619f455b8fc9d05b50822387d3203f74c86fcb5c
Author: Corinna Vinschen <vinschen@redhat.com>
AuthorDate: 2024-02-02 18:30:39 +0000
Commit: Warner Losh <imp@FreeBSD.org>
CommitDate: 2024-02-02 18:51:54 +0000
regex: fix freeing g->charjump in low memory condition
computejumps() moves g->charjump to a position relativ to the value of
CHAR_MIN. As such, g->charjump doesn't necessarily point to the address
actually allocated. While regfree() takes that into account, the low
memory handling in regcomp_internal() doesn't. Fix that by free'ing
the actually allocated address, as in regfree().
MFC After: 2 weeks
Reviewed by: imp,jrtc27
Pull Request: https://github.com/freebsd/freebsd-src/pull/692
---
lib/libc/regex/regcomp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libc/regex/regcomp.c b/lib/libc/regex/regcomp.c
index 89b96b00fefb..7481d3ecf240 100644
--- a/lib/libc/regex/regcomp.c
+++ b/lib/libc/regex/regcomp.c
@@ -321,7 +321,7 @@ regcomp_internal(regex_t * __restrict preg,
computejumps(p, g);
computematchjumps(p, g);
if(g->matchjump == NULL && g->charjump != NULL) {
- free(g->charjump);
+ free(&g->charjump[CHAR_MIN]);
g->charjump = NULL;
}
}