Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 14 Feb 2012 12:06:56 +0000 (UTC)
From:      Gabor Kovesdan <gabor@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-user@freebsd.org
Subject:   svn commit: r231674 - user/gabor/tre-integration/contrib/tre/lib
Message-ID:  <201202141206.q1EC6uEW097436@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: gabor
Date: Tue Feb 14 12:06:56 2012
New Revision: 231674
URL: http://svn.freebsd.org/changeset/base/231674

Log:
  - Fix possible segfaults by reading before or after the bounds of the input
    string
  - Fix a bug in the relative end offset of the context that caused that
    some matches were missing

Modified:
  user/gabor/tre-integration/contrib/tre/lib/regexec.c

Modified: user/gabor/tre-integration/contrib/tre/lib/regexec.c
==============================================================================
--- user/gabor/tre-integration/contrib/tre/lib/regexec.c	Tue Feb 14 12:03:23 2012	(r231673)
+++ user/gabor/tre-integration/contrib/tre/lib/regexec.c	Tue Feb 14 12:06:56 2012	(r231674)
@@ -224,8 +224,8 @@ tre_match(const tre_tnfa_t *tnfa, const 
 	      else
 		{
 		  size_t rem = heur->tlen - (pmatch[0].rm_eo - pmatch[0].rm_so);
-		  so = st + pmatch[0].rm_so - rem;
-		  eo = st + pmatch[0].rm_eo + rem;
+		  so = st + pmatch[0].rm_so <= rem ? 0 : st + pmatch[0].rm_so - rem;
+		  eo = st + pmatch[0].rm_eo + rem >= len ? len : st + pmatch[0].rm_eo + rem;
 		}
 
 	      SEEK_TO(so);
@@ -247,7 +247,7 @@ tre_match(const tre_tnfa_t *tnfa, const 
 	     if (ret != REG_OK)
 	       return ret;
 	     st += pmatch[0].rm_so;
-	     n = pmatch[0].rm_eo;
+	     n = pmatch[0].rm_eo - pmatch[0].rm_so;
 
 	     /* Intermediate heuristics */
 	     while (!(heur->heurs[i] == NULL) &&
@@ -255,6 +255,8 @@ tre_match(const tre_tnfa_t *tnfa, const 
 		   ((heur->heurs[i + 1] == NULL) && (heur->type == HEUR_PREFIX_ARRAY))))
 		{
 		  SEEK_TO(st + n);
+		  if (len <= st + n)
+		    return REG_NOMATCH;
 		  ret = tre_match_fast(heur->heurs[i], string, len - st - n,
 				       type, nmatch, pmatch, eflags);
 		  if (ret != REG_OK)
@@ -267,6 +269,8 @@ tre_match(const tre_tnfa_t *tnfa, const 
 	    if ((heur->type == HEUR_ARRAY) && heur->heurs[i] != NULL)
 	      {
 		SEEK_TO(st + n);
+		if (len <= st + n)
+		  return REG_NOMATCH;
 		ret = tre_match_fast(heur->heurs[i], string, len - st - n,
 				     type, nmatch, pmatch, eflags);
 		if (ret != REG_OK)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202141206.q1EC6uEW097436>