Date: Fri, 2 Feb 2024 18:53:21 GMT From: Warner Losh <imp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 619f455b8fc9 - main - regex: fix freeing g->charjump in low memory condition Message-ID: <202402021853.412IrLw7036251@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=619f455b8fc9d05b50822387d3203f74c86fcb5c commit 619f455b8fc9d05b50822387d3203f74c86fcb5c Author: Corinna Vinschen <vinschen@redhat.com> AuthorDate: 2024-02-02 18:30:39 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2024-02-02 18:51:54 +0000 regex: fix freeing g->charjump in low memory condition computejumps() moves g->charjump to a position relativ to the value of CHAR_MIN. As such, g->charjump doesn't necessarily point to the address actually allocated. While regfree() takes that into account, the low memory handling in regcomp_internal() doesn't. Fix that by free'ing the actually allocated address, as in regfree(). MFC After: 2 weeks Reviewed by: imp,jrtc27 Pull Request: https://github.com/freebsd/freebsd-src/pull/692 --- lib/libc/regex/regcomp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libc/regex/regcomp.c b/lib/libc/regex/regcomp.c index 89b96b00fefb..7481d3ecf240 100644 --- a/lib/libc/regex/regcomp.c +++ b/lib/libc/regex/regcomp.c @@ -321,7 +321,7 @@ regcomp_internal(regex_t * __restrict preg, computejumps(p, g); computematchjumps(p, g); if(g->matchjump == NULL && g->charjump != NULL) { - free(g->charjump); + free(&g->charjump[CHAR_MIN]); g->charjump = NULL; } }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202402021853.412IrLw7036251>