On Sat, Nov 15, 2014 at 1:11 AM, Norihiro Tanaka <nori...@kcn.ne.jp> wrote:
> If the original DFA does not have any CSETs, no memory is allocated for CSET.
> Even then, the DFA tries to copy CSET from the original DFA to the superset.  As
> a result, it causes access to unallocated memory.  We have no test
> case, so it is very difficult to reliably reproduce this bug, as
> only one CSET may be added when building the superset.

Thank you for the patch.
That seems like a fine change, but so far, I cannot see how
it avoids accessing uninitialized memory.
I do see that it fixes an error whereby memcpy was being
called with its 2nd argument NULL, though in each case,
the third argument is always 0.  Passing a NULL pointer as
the 2nd argument to memcpy is officially "undefined
behavior", and I confirmed that building with gcc and its
"undefined behavior sanitizer", the problem was exposed,
and that your patch fixes it.

Do you know of a way to make grep crash, as stated in your
proposed NEWS entry?  If so, please give details.

It is UB after all.  Perhaps you found a system whose memcpy
dereferences the source pointer even when the size is 0?
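The pattern under discussion, as an added illustration that is not part of this thread or of grep's dfa.c: a copy routine for a character-set table whose pointer is NULL whenever the table is empty. The struct layout, the `charclass` type and the function names are constructed stand-ins, not grep's real representation. The guard skips the memcpy call entirely when there is nothing to copy, so memcpy is never handed a NULL source, even with a length of 0.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a character-set entry (hypothetical layout,
   not grep's actual CSET representation). */
typedef unsigned long charclass;

struct dfa_like {
    charclass *charclasses;  /* NULL when cindex == 0: the case in the thread */
    size_t cindex;           /* number of entries in use */
};

/* Copy the character-set table from src into dst.
   When src has no sets its table pointer is NULL.  Calling memcpy with a
   NULL source is undefined behaviour even for a zero length (the standard
   requires valid pointers regardless of n), so the copy is skipped and dst
   gets an empty table.  Returns 0 on success, -1 on allocation failure. */
int copy_charclasses(struct dfa_like *dst, const struct dfa_like *src)
{
    if (src->cindex == 0 || src->charclasses == NULL) {
        dst->charclasses = NULL;   /* nothing to copy: no memcpy call at all */
        dst->cindex = 0;
        return 0;
    }
    dst->charclasses = malloc(src->cindex * sizeof *src->charclasses);
    if (dst->charclasses == NULL)
        return -1;
    memcpy(dst->charclasses, src->charclasses,
           src->cindex * sizeof *src->charclasses);
    dst->cindex = src->cindex;
    return 0;
}

/* Worked check over constructed inputs: a source with no sets and one with
   two sets.  Returns 1 when both copies behave as expected, 0 otherwise. */
int check_copy(void)
{
    struct dfa_like empty = { NULL, 0 };
    struct dfa_like with_sets;
    struct dfa_like out;
    charclass sets[2] = { 0x5UL, 0xA0UL };
    int ok = 1;

    with_sets.charclasses = sets;
    with_sets.cindex = 2;

    if (copy_charclasses(&out, &empty) != 0
        || out.charclasses != NULL || out.cindex != 0)
        ok = 0;

    if (copy_charclasses(&out, &with_sets) != 0 || out.cindex != 2
        || out.charclasses[0] != 0x5UL || out.charclasses[1] != 0xA0UL)
        ok = 0;
    free(out.charclasses);
    return ok;
}
```

Removing the `if` guard and letting the call reach `memcpy(dst->charclasses, NULL, 0)` is exactly what `gcc -fsanitize=undefined` reports as the thread describes; on most libc implementations the unguarded call still returns without touching memory, which is why the thread asks for a concrete crash rather than taking one for granted.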