summary refs log tree commit diff
path: root/locale
diff options
context:
space:
mode:
authorAndreas Schwab <schwab@redhat.com>2011-11-29 10:52:22 +0100
committerAndreas Schwab <schwab@redhat.com>2011-11-30 11:03:20 +0100
commitf3a6cc0a560a17f32a3e90d2f20501a53cab6058 (patch)
tree52085ca0dbca778c7cdf92bf0ddebe8a6727a432 /locale
parentc5a0802a682dba23f92d47f0f99775aebfbe2539 (diff)
downloadglibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.tar.gz
glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.tar.xz
glibc-f3a6cc0a560a17f32a3e90d2f20501a53cab6058.zip
Fix access after end of search string in regex matcher
Diffstat (limited to 'locale')
-rw-r--r--locale/weight.h11
-rw-r--r--locale/weightwc.h9
2 files changed, 11 insertions, 9 deletions
diff --git a/locale/weight.h b/locale/weight.h
index dc70a00be5..967e176ca6 100644
--- a/locale/weight.h
+++ b/locale/weight.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996,1997,1998,1999,2000,2003,2004 Free Software Foundation, Inc.
+/* Copyright (C) 1996,1997,1998,1999,2000,2003,2004,2011 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Written by Ulrich Drepper, <drepper@cygnus.com>.
 
@@ -20,7 +20,7 @@
 /* Find index of weight.  */
 auto inline int32_t
 __attribute ((always_inline))
-findidx (const unsigned char **cpp)
+findidx (const unsigned char **cpp, size_t len)
 {
   int_fast32_t i = table[*(*cpp)++];
   const unsigned char *cp;
@@ -34,6 +34,7 @@ findidx (const unsigned char **cpp)
      Search for the correct one.  */
   cp = &extra[-i];
   usrc = *cpp;
+  --len;
   while (1)
     {
       size_t nhere;
@@ -56,7 +57,7 @@ findidx (const unsigned char **cpp)
 	     already.  */
 	  size_t cnt;
 
-	  for (cnt = 0; cnt < nhere; ++cnt)
+	  for (cnt = 0; cnt < nhere && cnt < len; ++cnt)
 	    if (cp[cnt] != usrc[cnt])
 	      break;
 
@@ -79,13 +80,13 @@ findidx (const unsigned char **cpp)
 	  size_t cnt;
 	  size_t offset = 0;
 
-	  for (cnt = 0; cnt < nhere; ++cnt)
+	  for (cnt = 0; cnt < nhere && cnt < len; ++cnt)
 	    if (cp[cnt] != usrc[cnt])
 	      break;
 
 	  if (cnt != nhere)
 	    {
-	      if (cp[cnt] > usrc[cnt])
+	      if (cnt == len || cp[cnt] > usrc[cnt])
 		{
 		  /* Cannot be in this range.  */
 		  cp += 2 * nhere;
diff --git a/locale/weightwc.h b/locale/weightwc.h
index 9ea1126a24..7862091426 100644
--- a/locale/weightwc.h
+++ b/locale/weightwc.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996-2001,2003,2004,2005,2007 Free Software Foundation, Inc.
+/* Copyright (C) 1996-2001,2003,2004,2005,2007,2011 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Written by Ulrich Drepper, <drepper@cygnus.com>.
 
@@ -20,7 +20,7 @@
 /* Find index of weight.  */
 auto inline int32_t
 __attribute ((always_inline))
-findidx (const wint_t **cpp)
+findidx (const wint_t **cpp, size_t len)
 {
   wint_t ch = *(*cpp)++;
   int32_t i = __collidx_table_lookup ((const char *) table, ch);
@@ -32,6 +32,7 @@ findidx (const wint_t **cpp)
   /* Oh well, more than one sequence starting with this byte.
      Search for the correct one.  */
   const int32_t *cp = (const int32_t *) &extra[-i];
+  --len;
   while (1)
     {
       size_t nhere;
@@ -54,7 +55,7 @@ findidx (const wint_t **cpp)
 	     already.  */
 	  size_t cnt;
 
-	  for (cnt = 0; cnt < nhere; ++cnt)
+	  for (cnt = 0; cnt < nhere && cnt < len; ++cnt)
 	    if (cp[cnt] != usrc[cnt])
 	      break;
 
@@ -75,7 +76,7 @@ findidx (const wint_t **cpp)
 	  size_t cnt;
 	  size_t offset;
 
-	  for (cnt = 0; cnt < nhere - 1; ++cnt)
+	  for (cnt = 0; cnt < nhere - 1 && cnt < len; ++cnt)
 	    if (cp[cnt] != usrc[cnt])
 	      break;