This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug regex/14780] [PATCH] handle malloc() and realloc() failures in regcomp()
- From: "makovick at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 12 Sep 2013 17:21:48 +0000
- Subject: [Bug regex/14780] [PATCH] handle malloc() and realloc() failures in regcomp()
- Auto-submitted: auto-generated
- References: <bug-14780-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=14780
--- Comment #7 from Jindrich Makovicka <makovick at gmail dot com> ---
(In reply to Rich Felker from comment #6)
> Are there any actual cases where malloc failure is not checked? I reviewed
> regcomp.c briefly and it seems the result is eventually (just not
> immediately) checked before use. However, there are major leaks when malloc
> has failed, since multiple results are checked together and no effort is
> made to free the ones that did succeed.
I do not really recall anymore if there _really_ was a segfault, or it was only
caused when I tried to free such partially compiled regex using regfree(). But
you can insert the fuzzing code from the first patch, consisting of xxmalloc
and xxrealloc from regcomp.c and #defines from regcomp.h, and run the attached
testcase with, say, 100000 iterations and look what happens.

The memory leaks are obviously real, and were the main reason I was looking
into this.
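Added example, not part of the original message or of the glibc patch: a small C fault-injection harness showing the leak pattern described in comment #6, where several allocations are checked together and the one that succeeded is never freed. The names `fi_malloc`, `fi_free`, `struct pair`, `init_leaky`, `init_fixed` and `sweep` are hypothetical, and the sweep fails each allocation site deterministically instead of at random.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical fault-injecting allocator (not the patch's xxmalloc):
   the fail_at-th call returns NULL; live counts unfreed blocks. */
static long calls, fail_at, live;
static void *fi_malloc(size_t n) {
    if (++calls == fail_at) return NULL;      /* injected failure */
    void *p = malloc(n);
    if (p) live++;
    return p;
}
static void fi_free(void *p) { if (p) { live--; free(p); } }

struct pair { int *a, *b; };

/* Results checked together; the block that did succeed is not freed. */
static int init_leaky(struct pair *s) {
    s->a = fi_malloc(16 * sizeof *s->a);
    s->b = fi_malloc(16 * sizeof *s->b);
    return (s->a == NULL || s->b == NULL) ? -1 : 0;
}

/* Same check, but partial successes are released before returning. */
static int init_fixed(struct pair *s) {
    s->a = fi_malloc(16 * sizeof *s->a);
    s->b = fi_malloc(16 * sizeof *s->b);
    if (s->a && s->b) return 0;
    fi_free(s->a); fi_free(s->b);
    s->a = s->b = NULL;
    return -1;
}

/* Fail each allocation site in turn; return total blocks left live. */
static long sweep(int (*init)(struct pair *)) {
    long leaked = 0;
    for (long k = 1; k <= 2; k++) {
        struct pair s = { NULL, NULL };
        calls = 0; fail_at = k; live = 0;
        if (init(&s) == 0) { fi_free(s.a); fi_free(s.b); continue; }
        leaked += live;             /* what a caller would never get back */
        free(s.a); free(s.b);       /* harness-only cleanup */
    }
    return leaked;
}

int main(void) {
    printf("leaky: %ld blocks, fixed: %ld blocks\n",
           sweep(init_leaky), sweep(init_fixed));
    return 0;
}
```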