diff options
author | Rich Felker <dalias@aerifal.cx> | 2012-04-14 22:32:42 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2012-04-14 22:32:42 -0400 |
commit | b9dd43db04ca312c3c1cc6ddc77e8f5bf559e72d (patch) | |
tree | 2d6a2a27eef35003b7a99481d70d62c5d4c11159 /src/regex | |
parent | 0115a6ed964f4afe87847a252363801e96194f0b (diff) | |
download | musl-b9dd43db04ca312c3c1cc6ddc77e8f5bf559e72d.tar.gz |
fix signedness error handling invalid multibyte sequences in regexec
the "< 0" test was always false due to use of an unsigned type. this
resulted in infinite loops on 32-bit machines (adding -1U to a pointer
is the same as adding -1) and crashes on 64-bit machines (offsetting
the string pointer by 4gb-1b when an illegal sequence was hit).
Diffstat (limited to 'src/regex')
-rw-r--r-- | src/regex/regexec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/regex/regexec.c b/src/regex/regexec.c index 79874ca5..8107aae7 100644 --- a/src/regex/regexec.c +++ b/src/regex/regexec.c @@ -174,7 +174,7 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string, tre_char_t prev_c = 0, next_c = 0; const char *str_byte = string; int pos = -1; - unsigned int pos_add_next = 1; + int pos_add_next = 1; #ifdef TRE_MBSTATE mbstate_t mbstate; #endif /* TRE_MBSTATE */ @@ -583,7 +583,7 @@ tre_tnfa_run_backtrack(const tre_tnfa_t *tnfa, const void *string, tre_char_t prev_c = 0, next_c = 0; const char *str_byte = string; int pos = 0; - unsigned int pos_add_next = 1; + int pos_add_next = 1; #ifdef TRE_MBSTATE mbstate_t mbstate; #endif /* TRE_MBSTATE */ |