diff options
| author | Andreas Schwab <schwab@suse.de> | 2015-02-26 14:55:24 +0100 |
|---|---|---|
| committer | Andreas Schwab <schwab@suse.de> | 2015-02-26 16:05:08 +0100 |
| commit | 4a28f4d55a6cc33474c0792fe93b5942d81bf185 (patch) | |
| tree | eda443d1e0a8eb431f21f472c96c3ea89d7d0b69 | |
| parent | 524ae9ea2e3ae9f5bf5d655595fda827e9dc50a1 (diff) | |
| download | glibc-4a28f4d55a6cc33474c0792fe93b5942d81bf185.tar.gz glibc-4a28f4d55a6cc33474c0792fe93b5942d81bf185.tar.xz glibc-4a28f4d55a6cc33474c0792fe93b5942d81bf185.zip | |
Fix read past end of pattern in fnmatch (bug 18032)
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | posix/fnmatch_loop.c | 5 | ||||
| -rw-r--r-- | posix/tst-fnmatch3.c | 8 |
4 files changed, 15 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog index 432c35d5aa..90c42c85a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2015-02-26 Andreas Schwab <schwab@suse.de> + + [BZ #18032] + * posix/fnmatch_loop.c (FCT): Remove extra increment when skipping + over collating symbol inside a bracket expression. Minor cleanup. + * posix/tst-fnmatch3.c (do_test): Add test case. + 2015-02-26 Joseph Myers <joseph@codesourcery.com> [BZ #18029] diff --git a/NEWS b/NEWS index 75e83e0a17..77e081464d 100644 --- a/NEWS +++ b/NEWS @@ -12,7 +12,7 @@ Version 2.22 4719, 14841, 13064, 14094, 15319, 15467, 15790, 15969, 16560, 16783, 17269, 17523, 17569, 17588, 17792, 17836, 17912, 17916, 17932, 17944, 17949, 17964, 17965, 17967, 17969, 17978, 17987, 17991, 17996, 17998, - 17999, 18019, 18020, 18029. + 17999, 18019, 18020, 18029, 18032. * Character encoding and ctype tables were updated to Unicode 7.0.0, using new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c index c0cb2fc3e6..72c5d8f041 100644 --- a/posix/fnmatch_loop.c +++ b/posix/fnmatch_loop.c @@ -945,14 +945,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) } else if (c == L('[') && *p == L('.')) { - ++p; while (1) { c = *++p; - if (c == '\0') + if (c == L('\0')) return FNM_NOMATCH; - if (*p == L('.') && p[1] == L(']')) + if (c == L('.') && p[1] == L(']')) break; } p += 2; diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c index d27a557c7c..75bc00a2c5 100644 --- a/posix/tst-fnmatch3.c +++ b/posix/tst-fnmatch3.c @@ -21,9 +21,11 @@ int do_test (void) { - const char *pattern = "[[:alpha:]'[:alpha:]\0]"; - - return fnmatch (pattern, "a", 0) != FNM_NOMATCH; + if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH) + return 1; + if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH) + return 1; + return 0; } #define TEST_FUNCTION do_test () |