diff options
| author | Andreas Schwab <schwab@redhat.com> | 2011-11-29 10:52:22 +0100 |
|---|---|---|
| committer | Andreas Schwab <schwab@redhat.com> | 2011-11-30 11:03:20 +0100 |
| commit | f3a6cc0a560a17f32a3e90d2f20501a53cab6058 (patch) | |
| tree | 52085ca0dbca778c7cdf92bf0ddebe8a6727a432 /locale/weightwc.h | |
| parent | c5a0802a682dba23f92d47f0f99775aebfbe2539 (diff) | |
| download | glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.tar.gz glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.tar.xz glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.zip | |
Fix access after end of search string in regex matcher
Diffstat (limited to 'locale/weightwc.h')
| -rw-r--r-- | locale/weightwc.h | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/locale/weightwc.h b/locale/weightwc.h index 9ea1126a24..7862091426 100644 --- a/locale/weightwc.h +++ b/locale/weightwc.h @@ -1,4 +1,4 @@ -/* Copyright (C) 1996-2001,2003,2004,2005,2007 Free Software Foundation, Inc. +/* Copyright (C) 1996-2001,2003,2004,2005,2007,2011 Free Software Foundation, Inc. This file is part of the GNU C Library. Written by Ulrich Drepper, <drepper@cygnus.com>. @@ -20,7 +20,7 @@ /* Find index of weight. */ auto inline int32_t __attribute ((always_inline)) -findidx (const wint_t **cpp) +findidx (const wint_t **cpp, size_t len) { wint_t ch = *(*cpp)++; int32_t i = __collidx_table_lookup ((const char *) table, ch); @@ -32,6 +32,7 @@ findidx (const wint_t **cpp) /* Oh well, more than one sequence starting with this byte. Search for the correct one. */ const int32_t *cp = (const int32_t *) &extra[-i]; + --len; while (1) { size_t nhere; @@ -54,7 +55,7 @@ findidx (const wint_t **cpp) already. */ size_t cnt; - for (cnt = 0; cnt < nhere; ++cnt) + for (cnt = 0; cnt < nhere && cnt < len; ++cnt) if (cp[cnt] != usrc[cnt]) break; @@ -75,7 +76,7 @@ findidx (const wint_t **cpp) size_t cnt; size_t offset; - for (cnt = 0; cnt < nhere - 1; ++cnt) + for (cnt = 0; cnt < nhere - 1 && cnt < len; ++cnt) if (cp[cnt] != usrc[cnt]) break; |