svn commit: r303888 - stable/11/usr.bin/grep/regex
Dimitry Andric
dim at FreeBSD.org
Tue Aug 9 19:20:54 UTC 2016
Author: dim
Date: Tue Aug 9 19:20:53 2016
New Revision: 303888
URL: https://svnweb.freebsd.org/changeset/base/303888
Log:
MFC r303676:
Fix a segfault in bsdgrep when parsing the invalid extended regexps "?"
or "+" (these are invalid, because there is no preceding operand).
When bsdgrep attempts to emulate GNU grep in discarding and ignoring the
invalid ? or + operators, some later logic in tre_compile_fast() goes
beyond the end of the buffer, leading to a crash.
Fix this by bailing out, and reporting a bad pattern instead.
Approved by: re (gjb, kib)
Reported by: Steve Kargl
Modified:
stable/11/usr.bin/grep/regex/tre-fastmatch.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/usr.bin/grep/regex/tre-fastmatch.c
==============================================================================
--- stable/11/usr.bin/grep/regex/tre-fastmatch.c Tue Aug 9 19:06:05 2016 (r303887)
+++ stable/11/usr.bin/grep/regex/tre-fastmatch.c Tue Aug 9 19:20:53 2016 (r303888)
@@ -621,7 +621,7 @@ tre_compile_fast(fastmatch_t *fg, const
case TRE_CHAR('+'):
case TRE_CHAR('?'):
if ((cflags & REG_EXTENDED) && (i == 0))
- continue;
+ goto badpat;
else if ((cflags & REG_EXTENDED) ^ !escaped)
STORE_CHAR;
else
More information about the svn-src-stable
mailing list