svn commit: r303676 - head/usr.bin/grep/regex

Tue, 02 Aug 2016 13:26:33 -0700 

Author: dim
Date: Tue Aug  2 20:25:22 2016
New Revision: 303676
URL: https://svnweb.freebsd.org/changeset/base/303676

Log:
  Fix a segfault in bsdgrep when parsing the invalid extended regexps "?"
  or "+" (these are invalid, because there is no preceding operand).
  
  When bsdgrep attempts to emulate GNU grep in discarding and ignoring the
  invalid ? or + operators, some later logic in tre_compile_fast() goes
  beyond the end of the buffer, leading to a crash.
  
  Fix this by bailing out, and reporting a bad pattern instead.
  
  Reported by:  Steve Kargl
  MFC after:    1 week

Modified:
  head/usr.bin/grep/regex/tre-fastmatch.c

Modified: head/usr.bin/grep/regex/tre-fastmatch.c
==============================================================================
--- head/usr.bin/grep/regex/tre-fastmatch.c     Tue Aug  2 20:18:43 2016        
(r303675)
+++ head/usr.bin/grep/regex/tre-fastmatch.c     Tue Aug  2 20:25:22 2016        
(r303676)
@@ -621,7 +621,7 @@ tre_compile_fast(fastmatch_t *fg, const 
          case TRE_CHAR('+'):
          case TRE_CHAR('?'):
            if ((cflags & REG_EXTENDED) && (i == 0))
-             continue;
+             goto badpat;
            else if ((cflags & REG_EXTENDED) ^ !escaped)
              STORE_CHAR;
            else
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to