Home Explore Help
Sign In
hongwenjun
/
musl
mirror of https://git.musl-libc.org/git/musl
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

fix memory-corruption in regcomp with backslash followed by high byte

the regex parser handles the (undefined) case of an unexpected byte
following a backslash as a literal. however, instead of correctly
decoding a character, it was treating the byte value itself as a
character. this was not only semantically unjustified, but turned out
to be dangerous on archs where plain char is signed: bytes in the
range 252-255 alias the internal codes -4 through -1 used for special
types of literal nodes in the AST.
Rich Felker 10 years ago
parent
e626deeec8
commit
39dfd58417
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      src/regex/regcomp.c

+ 1 - 1
src/regex/regcomp.c
View File 

@@ -847,7 +847,7 @@ static reg_errcode_t parse_atom(tre_parse_ctx_t *ctx, const char *s)
 
 			} else {
 
 				/* extension: accept unknown escaped char
 
 				   as a literal */
 
-				node = tre_ast_new_literal(ctx->mem, *s, *s, ctx->position);
 
+				goto parse_literal;
 
 			}
 
 			ctx->position++;
 
 		}