From 951d64082330765a22da6beac6e067ec054605e7 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Sun, 23 Nov 2003 19:21:23 +0000 Subject: Update. * posix/regexec.c: Correct several memory allocation problems. Add more BE. * posix/regex_internal.c: Likewise. * posix/regcomp.c: Likewise. --- ChangeLog | 5 +++++ posix/ptestcases.h | 1 + posix/regcomp.c | 57 ++++++++++++++++++++++++++++--------------------- posix/regex_internal.c | 43 ++++++++++++++++++++----------------- posix/regexec.c | 58 ++++++++++++++++++++++++++++---------------------- 5 files changed, 94 insertions(+), 70 deletions(-) diff --git a/ChangeLog b/ChangeLog index b24b8d8b79..63444d48bd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 2003-11-23 Ulrich Drepper + * posix/regexec.c: Correct several memory allocation problems. + Add more BE. + * posix/regex_internal.c: Likewise. + * posix/regcomp.c: Likewise. + * posix/regexec.c: Add const in a number of places. * posix/regex_internal.h: Make EPSILON_BIT a macro to help debugging. Its value isn't important. diff --git a/posix/ptestcases.h b/posix/ptestcases.h index 8f008acf5a..2819004b50 100644 --- a/posix/ptestcases.h +++ b/posix/ptestcases.h @@ -265,6 +265,7 @@ { 1, 63, "a\\{1,63\\}", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", }, { 0, 0, "2.8.3.4 BRE Precedence", NULL, }, { 0, 0, "GA143", NULL, }, + { 0, 0, NULL, "There are numerous bugs in the original version." }, { 2, 19, "\\^\\[[[.].]]\\\\(\\\\1\\\\)\\*\\\\{1,2\\\\}\\$", "a^[]\\(\\1\\)*\\{1,2\\}$b", }, { 1, 6, "[[=*=]][[=\\=]][[=]=]][[===]][[...]][[:punct:]]", "*\\]=.;", }, { 1, 6, "[$\\(*\\)^]*", "$\\()*^", }, diff --git a/posix/regcomp.c b/posix/regcomp.c index 6a776374a9..6fb1844599 100644 --- a/posix/regcomp.c +++ b/posix/regcomp.c @@ -726,7 +726,7 @@ re_compile_internal (preg, pattern, length, syntax) /* Initialize the dfa. */ dfa = (re_dfa_t *) preg->buffer; - if (preg->allocated < sizeof (re_dfa_t)) + if (BE (preg->allocated < sizeof (re_dfa_t), 0)) { /* If zero allocated, but buffer is non-null, try to realloc enough space. This loses if buffer's address is bogus, but @@ -736,8 +736,8 @@ re_compile_internal (preg, pattern, length, syntax) if (dfa == NULL) return REG_ESPACE; preg->allocated = sizeof (re_dfa_t); + preg->buffer = (unsigned char *) dfa; } - preg->buffer = (unsigned char *) dfa; preg->used = sizeof (re_dfa_t); err = init_dfa (dfa, length); @@ -2269,7 +2269,7 @@ parse_sub_exp (regexp, preg, token, syntax, nest, err) bin_tree_t *tree, *left_par, *right_par; size_t cur_nsub; cur_nsub = preg->re_nsub++; - if (dfa->subexps_alloc < preg->re_nsub) + if (BE (dfa->subexps_alloc < preg->re_nsub, 0)) { re_subexp_t *new_array; dfa->subexps_alloc *= 2; @@ -2537,7 +2537,7 @@ build_range_exp (sbcset, start_elem, end_elem) return REG_ERANGE; /* Check the space of the arrays. */ - if (*range_alloc == mbcset->nranges) + if (BE (*range_alloc == mbcset->nranges, 0)) { /* There are not enough space, need realloc. */ wchar_t *new_array_start, *new_array_end; @@ -2764,7 +2764,7 @@ parse_bracket_exp (regexp, dfa, token, syntax, err) # ifdef RE_ENABLE_I18N /* Check the space of the arrays. */ - if (*range_alloc == mbcset->nranges) + if (BE (*range_alloc == mbcset->nranges, 0)) { /* There are not enough space, need realloc. */ uint32_t *new_array_start; @@ -2870,17 +2870,19 @@ parse_bracket_exp (regexp, dfa, token, syntax, err) # ifdef RE_ENABLE_I18N /* Got valid collation sequence, add it as a new entry. */ /* Check the space of the arrays. */ - if (*coll_sym_alloc == mbcset->ncoll_syms) + if (BE (*coll_sym_alloc == mbcset->ncoll_syms, 0)) { /* Not enough, realloc it. */ /* +1 in case of mbcset->ncoll_syms is 0. */ - *coll_sym_alloc = 2 * mbcset->ncoll_syms + 1; + int new_coll_sym_alloc = 2 * mbcset->ncoll_syms + 1; /* Use realloc since mbcset->coll_syms is NULL if *alloc == 0. */ - mbcset->coll_syms = re_realloc (mbcset->coll_syms, int32_t, - *coll_sym_alloc); - if (BE (mbcset->coll_syms == NULL, 0)) + int32_t *new_coll_syms = re_realloc (mbcset->coll_syms, int32_t, + new_coll_sym_alloc); + if (BE (new_coll_syms == NULL, 0)) return REG_ESPACE; + mbcset->coll_syms = new_coll_syms; + *coll_sym_alloc = new_coll_sym_alloc; } mbcset->coll_syms[mbcset->ncoll_syms++] = idx; # endif /* RE_ENABLE_I18N */ @@ -3058,16 +3060,18 @@ parse_bracket_exp (regexp, dfa, token, syntax, err) #ifdef RE_ENABLE_I18N case MB_CHAR: /* Check whether the array has enough space. */ - if (mbchar_alloc == mbcset->nmbchars) + if (BE (mbchar_alloc == mbcset->nmbchars, 0)) { + wchar_t *new_mbchars; /* Not enough, realloc it. */ /* +1 in case of mbcset->nmbchars is 0. */ mbchar_alloc = 2 * mbcset->nmbchars + 1; /* Use realloc since array is NULL if *alloc == 0. */ - mbcset->mbchars = re_realloc (mbcset->mbchars, wchar_t, - mbchar_alloc); - if (BE (mbcset->mbchars == NULL, 0)) + new_mbchars = re_realloc (mbcset->mbchars, wchar_t, + mbchar_alloc); + if (BE (new_mbchars == NULL, 0)) goto parse_bracket_exp_espace; + mbcset->mbchars = new_mbchars; } mbcset->mbchars[mbcset->nmbchars++] = start_elem.opr.wch; break; @@ -3339,16 +3343,19 @@ build_equiv_class (sbcset, name) } } /* Check whether the array has enough space. */ - if (*equiv_class_alloc == mbcset->nequiv_classes) + if (BE (*equiv_class_alloc == mbcset->nequiv_classes, 0)) { /* Not enough, realloc it. */ /* +1 in case of mbcset->nequiv_classes is 0. */ - *equiv_class_alloc = 2 * mbcset->nequiv_classes + 1; + int new_equiv_class_alloc = 2 * mbcset->nequiv_classes + 1; /* Use realloc since the array is NULL if *alloc == 0. */ - mbcset->equiv_classes = re_realloc (mbcset->equiv_classes, int32_t, - *equiv_class_alloc); - if (BE (mbcset->equiv_classes == NULL, 0)) + int32_t *new_equiv_classes = re_realloc (mbcset->equiv_classes, + int32_t, + new_equiv_class_alloc); + if (BE (new_equiv_classes == NULL, 0)) return REG_ESPACE; + mbcset->equiv_classes = new_equiv_classes; + *equiv_class_alloc = new_equiv_class_alloc; } mbcset->equiv_classes[mbcset->nequiv_classes++] = idx1; } @@ -3392,16 +3399,18 @@ build_charclass (trans, sbcset, class_name, syntax) #ifdef RE_ENABLE_I18N /* Check the space of the arrays. */ - if (*char_class_alloc == mbcset->nchar_classes) + if (BE (*char_class_alloc == mbcset->nchar_classes, 0)) { /* Not enough, realloc it. */ /* +1 in case of mbcset->nchar_classes is 0. */ - *char_class_alloc = 2 * mbcset->nchar_classes + 1; + int new_char_class_alloc = 2 * mbcset->nchar_classes + 1; /* Use realloc since array is NULL if *alloc == 0. */ - mbcset->char_classes = re_realloc (mbcset->char_classes, wctype_t, - *char_class_alloc); - if (BE (mbcset->char_classes == NULL, 0)) + wctype_t *new_char_classes = re_realloc (mbcset->char_classes, wctype_t, + new_char_class_alloc); + if (BE (new_char_classes == NULL, 0)) return REG_ESPACE; + mbcset->char_classes = new_char_classes; + *char_class_alloc = new_char_class_alloc; } mbcset->char_classes[mbcset->nchar_classes++] = __wctype (name); #endif /* RE_ENABLE_I18N */ diff --git a/posix/regex_internal.c b/posix/regex_internal.c index 50d6a79300..8b68bd62cb 100644 --- a/posix/regex_internal.c +++ b/posix/regex_internal.c @@ -756,10 +756,12 @@ re_node_set_add_intersect (dest, src1, src2) { if (src1->nelem + src2->nelem + dest->nelem > dest->alloc) { - dest->alloc = src1->nelem + src2->nelem + dest->nelem; - dest->elems = re_realloc (dest->elems, int, dest->alloc); - if (BE (dest->elems == NULL, 0)) + int new_alloc = src1->nelem + src2->nelem + dest->nelem; + int *new_elems = re_realloc (dest->elems, int, new_alloc); + if (BE (new_elems == NULL, 0)) return REG_ESPACE; + dest->elems = new_elems; + dest->alloc = new_alloc; } } else @@ -857,12 +859,12 @@ re_node_set_merge (dest, src) return REG_NOERROR; if (dest->alloc < src->nelem + dest->nelem) { - int *new_buffer; - dest->alloc = 2 * (src->nelem + dest->alloc); - new_buffer = re_realloc (dest->elems, int, dest->alloc); + int new_alloc = 2 * (src->nelem + dest->alloc); + int *new_buffer = re_realloc (dest->elems, int, new_alloc); if (BE (new_buffer == NULL, 0)) return REG_ESPACE; dest->elems = new_buffer; + dest->alloc = new_alloc; } for (si = 0, di = 0 ; si < src->nelem && di < dest->nelem ;) @@ -1042,25 +1044,24 @@ re_dfa_add_node (dfa, token, mode) { if (BE (dfa->nodes_len >= dfa->nodes_alloc, 0)) { - re_token_t *new_array; - dfa->nodes_alloc *= 2; - new_array = re_realloc (dfa->nodes, re_token_t, dfa->nodes_alloc); + int new_nodes_alloc = dfa->nodes_alloc * 2; + re_token_t *new_array = re_realloc (dfa->nodes, re_token_t, + new_nodes_alloc); if (BE (new_array == NULL, 0)) return -1; - else - dfa->nodes = new_array; + dfa->nodes = new_array; if (mode) { int *new_nexts, *new_indices; re_node_set *new_edests, *new_eclosures, *new_inveclosures; - new_nexts = re_realloc (dfa->nexts, int, dfa->nodes_alloc); - new_indices = re_realloc (dfa->org_indices, int, dfa->nodes_alloc); - new_edests = re_realloc (dfa->edests, re_node_set, dfa->nodes_alloc); + new_nexts = re_realloc (dfa->nexts, int, new_nodes_alloc); + new_indices = re_realloc (dfa->org_indices, int, new_nodes_alloc); + new_edests = re_realloc (dfa->edests, re_node_set, new_nodes_alloc); new_eclosures = re_realloc (dfa->eclosures, re_node_set, - dfa->nodes_alloc); + new_nodes_alloc); new_inveclosures = re_realloc (dfa->inveclosures, re_node_set, - dfa->nodes_alloc); + new_nodes_alloc); if (BE (new_nexts == NULL || new_indices == NULL || new_edests == NULL || new_eclosures == NULL || new_inveclosures == NULL, 0)) @@ -1071,6 +1072,7 @@ re_dfa_add_node (dfa, token, mode) dfa->eclosures = new_eclosures; dfa->inveclosures = new_inveclosures; } + dfa->nodes_alloc = new_nodes_alloc; } dfa->nodes[dfa->nodes_len] = token; dfa->nodes[dfa->nodes_len].duplicated = 0; @@ -1223,14 +1225,15 @@ register_state (dfa, newstate, hash) struct re_state_table_entry *spot; spot = dfa->state_table + (hash & dfa->state_hash_mask); - if (spot->alloc <= spot->num) + if (BE (spot->alloc <= spot->num, 0)) { - re_dfastate_t **new_array; - spot->alloc = 2 * spot->num + 2; - new_array = re_realloc (spot->array, re_dfastate_t *, spot->alloc); + int new_alloc = 2 * spot->num + 2; + re_dfastate_t **new_array = re_realloc (spot->array, re_dfastate_t *, + new_alloc); if (BE (new_array == NULL, 0)) return REG_ESPACE; spot->array = new_array; + spot->alloc = new_alloc; } spot->array[spot->num++] = newstate; return REG_NOERROR; diff --git a/posix/regexec.c b/posix/regexec.c index 42b561a0cd..0b524856ca 100644 --- a/posix/regexec.c +++ b/posix/regexec.c @@ -469,7 +469,7 @@ re_copy_regs (regs, pmatch, nregs, regs_allocated) { /* Yes. If we need more elements than were already allocated, reallocate them. If we need fewer, just leave it alone. */ - if (need_regs > regs->num_regs) + if (BE (need_regs > regs->num_regs, 0)) { regs->start = re_realloc (regs->start, regoff_t, need_regs); if (BE (regs->start == NULL, 0)) @@ -2666,14 +2666,17 @@ check_arrival (preg, mctx, path, top_node, top_str, last_node, last_str, subexp_num = dfa->nodes[top_node].opr.idx; /* Extend the buffer if we need. */ - if (path->alloc < last_str + mctx->max_mb_elem_len + 1) + if (BE (path->alloc < last_str + mctx->max_mb_elem_len + 1, 0)) { re_dfastate_t **new_array; int old_alloc = path->alloc; path->alloc += last_str + mctx->max_mb_elem_len + 1; new_array = re_realloc (path->array, re_dfastate_t *, path->alloc); if (new_array == NULL) - return REG_ESPACE; + { + path->alloc = old_alloc; + return REG_ESPACE; + } path->array = new_array; memset (new_array + old_alloc, '\0', sizeof (re_dfastate_t *) * (path->alloc - old_alloc)); @@ -3818,9 +3821,11 @@ extend_buffers (mctx) if (mctx->state_log != NULL) { /* And double the length of state_log. */ - re_dfastate_t **new_array; - new_array = re_realloc (mctx->state_log, re_dfastate_t *, - pstr->bufs_len + 1); + /* XXX We have no indication of the size of this buffer. If this + allocation fail we have no indication that the state_log array + does not have the right size. */ + re_dfastate_t **new_array = re_realloc (mctx->state_log, re_dfastate_t *, + pstr->bufs_len + 1); if (BE (new_array == NULL, 0)) return REG_ESPACE; mctx->state_log = new_array; @@ -3995,9 +4000,7 @@ match_ctx_clear_flag (mctx) { int i; for (i = 0; i < mctx->nbkref_ents; ++i) - { - mctx->bkref_ents[i].flag = 0; - } + mctx->bkref_ents[i].flag = 0; } /* Register the node NODE, whose type is OP_OPEN_SUBEXP, and which matches @@ -4012,18 +4015,19 @@ match_ctx_add_subtop (mctx, node, str_idx) assert (mctx->sub_tops != NULL); assert (mctx->asub_tops > 0); #endif - if (mctx->nsub_tops == mctx->asub_tops) + if (BE (mctx->nsub_tops == mctx->asub_tops, 0)) { - re_sub_match_top_t **new_array; - mctx->asub_tops *= 2; - new_array = re_realloc (mctx->sub_tops, re_sub_match_top_t *, - mctx->asub_tops); + int new_asub_tops = mctx->asub_tops * 2; + re_sub_match_top_t **new_array = re_realloc (mctx->sub_tops, + re_sub_match_top_t *, + new_asub_tops); if (BE (new_array == NULL, 0)) return REG_ESPACE; mctx->sub_tops = new_array; + mctx->asub_tops = new_asub_tops; } mctx->sub_tops[mctx->nsub_tops] = calloc (1, sizeof (re_sub_match_top_t)); - if (mctx->sub_tops[mctx->nsub_tops] == NULL) + if (BE (mctx->sub_tops[mctx->nsub_tops] == NULL, 0)) return REG_ESPACE; mctx->sub_tops[mctx->nsub_tops]->node = node; mctx->sub_tops[mctx->nsub_tops++]->str_idx = str_idx; @@ -4039,23 +4043,25 @@ match_ctx_add_sublast (subtop, node, str_idx) int node, str_idx; { re_sub_match_last_t *new_entry; - if (subtop->nlasts == subtop->alasts) + if (BE (subtop->nlasts == subtop->alasts, 0)) { - re_sub_match_last_t **new_array; - subtop->alasts = 2 * subtop->alasts + 1; - new_array = re_realloc (subtop->lasts, re_sub_match_last_t *, - subtop->alasts); + int new_alasts = 2 * subtop->alasts + 1; + re_sub_match_last_t **new_array = re_realloc (subtop->lasts, + re_sub_match_last_t *, + new_alasts); if (BE (new_array == NULL, 0)) return NULL; subtop->lasts = new_array; + subtop->alasts = new_alasts; } new_entry = calloc (1, sizeof (re_sub_match_last_t)); - if (BE (new_entry == NULL, 0)) - return NULL; - subtop->lasts[subtop->nlasts] = new_entry; - new_entry->node = node; - new_entry->str_idx = str_idx; - ++subtop->nlasts; + if (BE (new_entry != NULL, 1)) + { + subtop->lasts[subtop->nlasts] = new_entry; + new_entry->node = node; + new_entry->str_idx = str_idx; + ++subtop->nlasts; + } return new_entry; } -- cgit 1.4.1