diff options
author | Rich Felker <dalias@aerifal.cx> | 2015-03-30 02:13:59 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2015-03-30 02:13:59 -0400 |
commit | ee6f8114dfc02709f5df7f19bff0d774aef50fce (patch) | |
tree | 006b9cd7737d5d6f27367e3fe763680ff60d48eb /crt/i386 | |
parent | 7987653d57b47d5dd8f90bd5b4f7736dd941a807 (diff) | |
download | musl-ee6f8114dfc02709f5df7f19bff0d774aef50fce.tar.gz musl-ee6f8114dfc02709f5df7f19bff0d774aef50fce.tar.xz musl-ee6f8114dfc02709f5df7f19bff0d774aef50fce.zip |
fix regcomp handling of backslash followed by high byte
the regex parser handles the (undefined) case of an unexpected byte following a backslash as a literal. however, instead of correctly decoding a character, it was treating the byte value itself as a character. this was not only semantically unjustified, but turned out to be dangerous on archs where plain char is signed: bytes in the range 252-255 alias the internal codes -4 through -1 used for special types of literal nodes in the AST. analogous to commit 39dfd58417ef642307d90306e1c7e50aaec5a35c in mainline. it's unclear whether the same crash that affected mainline is possible in the older regcomp code in 1.0.x, but conceptually the bug is the same.
Diffstat (limited to 'crt/i386')
0 files changed, 0 insertions, 0 deletions