diff options
| author | Jim Meyering <meyering@fb.com> | 2014-07-12 17:07:21 -0700 |
|---|---|---|
| committer | Jim Meyering <meyering@fb.com> | 2014-07-13 21:25:22 -0700 |
| commit | 7ee03f00188723a4de2b85021e511ced6d7fc4be (patch) | |
| tree | b0f6e6b2f903f0da5cc7e3fa9f8c2b5d36ae9548 | |
| parent | 9d39d517a7c700d53e2f24e8855a9b3a5e046a63 (diff) | |
| download | glibc-7ee03f00188723a4de2b85021e511ced6d7fc4be.tar.gz glibc-7ee03f00188723a4de2b85021e511ced6d7fc4be.tar.xz glibc-7ee03f00188723a4de2b85021e511ced6d7fc4be.zip | |
regex: don't deref NULL upon heap allocation failure
* posix/regcomp.c: (parse_dup_op): Handle duplicate_tree failure in one more place. To trigger the segfault, configure grep -with-included-regex, build it, and run these commands: ( ulimit -v 300000; echo a|src/grep -E a+++++++++++++++++++++ )
| -rw-r--r-- | ChangeLog | 10 | ||||
| -rw-r--r-- | posix/regcomp.c | 2 |
2 files changed, 12 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index 3dd3cf06fb..41247ecc92 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2014-07-13 Jim Meyering <meyering@fb.com> + + [BZ 17150] + regex: don't deref NULL upon heap allocation failure + * posix/regcomp.c: (parse_dup_op): Handle duplicate_tree + failure in one more place. + To trigger the segfault, configure grep -with-included-regex, + build it, and run these commands: + ( ulimit -v 300000; echo a|src/grep -E a+++++++++++++++++++++ ) + 2014-07-13 Andreas Schwab <schwab@linux-m68k.org> * sysdeps/m68k/m680x0/fpu/libm-test-ulps: Update. diff --git a/posix/regcomp.c b/posix/regcomp.c index 076eca3e7c..8f2747b3c9 100644 --- a/posix/regcomp.c +++ b/posix/regcomp.c @@ -2582,6 +2582,8 @@ parse_dup_op (bin_tree_t *elem, re_string_t *regexp, re_dfa_t *dfa, /* Duplicate ELEM before it is marked optional. */ elem = duplicate_tree (elem, dfa); + if (BE (elem == NULL, 0)) + goto parse_dup_op_espace; old_tree = tree; } else |