This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug regex/14780] [PATCH] handle malloc() and realloc() failures in regcomp()


https://sourceware.org/bugzilla/show_bug.cgi?id=14780

--- Comment #7 from Jindrich Makovicka <makovick at gmail dot com> ---
(In reply to Rich Felker from comment #6)
> Are there any actual cases where malloc failure is not checked? I reviewed
> regcomp.c briefly and it seems the result is eventually (just not
> immediately) checked before use. However, there are major leaks when malloc
> has failed, since multiple results are checked together and no effort is
> made to free the ones that did succeed.

I do not really recall anymore if there _really_ was a segfault, or it was only
caused when I tried to free such partially compiled regex using regfree(). But
you can insert the fuzzing code from the first patch, consisting of xxmalloc
and xxrealloc from regcomp.c and #defines from regcomp.h, and run the attached
testcase with, say, 100000 iterations and look what happens.

The memory leaks are obviously real, and were the main reason I was looking
into this.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]