首页 发现 帮助
登录
hongwenjun
/
musl
镜像自地址 https://git.musl-libc.org/git/musl
1
0
派生 0
文件 工单管理 0 Wiki
浏览代码

fix regcomp handling of backslash followed by high byte

the regex parser handles the (undefined) case of an unexpected byte
following a backslash as a literal. however, instead of correctly
decoding a character, it was treating the byte value itself as a
character. this was not only semantically unjustified, but turned out
to be dangerous on archs where plain char is signed: bytes in the
range 252-255 alias the internal codes -4 through -1 used for special
types of literal nodes in the AST.

analogous to commit 39dfd58417ef642307d90306e1c7e50aaec5a35c in
mainline. it's unclear whether the same crash that affected mainline
is possible in the older regcomp code in 1.0.x, but conceptually the
bug is the same.
Rich Felker 10 年之前
父节点
7987653d57
当前提交
ee6f8114df
共有 1 个文件被更改,包括 1 次插入4 次删除
合并视图 显示文件统计
  1. 1 4
      src/regex/regcomp.c

+ 1 - 4
src/regex/regcomp.c
查看文件 

@@ -1298,10 +1298,7 @@ tre_parse(tre_parse_ctx_t *ctx)
 
 		  else
 
 		  else
 
 		    {
 
 		    {
 
 		      /* Escaped character. */
 
 		      /* Escaped character. */
 
-		      result = tre_ast_new_literal(ctx->mem, *ctx->re, *ctx->re,
 
-						   ctx->position);
 
-		      ctx->position++;
 
-		      ctx->re++;
 
+		      goto parse_literal;
 
 		    }
 
 		    }
 
 		  break;
 
 		  break;
 
 		}
 
 		}