This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug regex/5718] Uninitialised struct member in re_compile_internal causes crash in regfree


------- Additional Comments From jakub at redhat dot com  2008-02-04 14:10 -------
GNU APIs don't allow translate, fastmap etc. to be initialized manually; they
require it.
re_compile_pattern initializes only some fields of the structure, others
are already supposed to be initialized before by the caller.

E.g. info regex on translate says:
If you don't want Regex to do any translation, put zero into this
field.  You'll get weird results if you change the table's contents
anytime between compiling the pattern buffer, compiling its fastmap, and
matching or searching with the pattern buffer.

From this it is clear that you must initialize translate before calling
re_compile_pattern, either to NULL, or to a translate table.  From the info
it is not obvious that a valid translate table must be malloced, but e.g.
the old regfree shows that that has always been necessary.

void
regfree (preg)
    regex_t *preg;
{
  if (preg->buffer != NULL)
    free (preg->buffer);
  preg->buffer = NULL;

  preg->allocated = 0;
  preg->used = 0;

  if (preg->fastmap != NULL)
    free (preg->fastmap);
  preg->fastmap = NULL;
  preg->fastmap_accurate = 0;

  if (preg->translate != NULL)
    free (preg->translate);
  preg->translate = NULL;
}

The easiest is memset (&re, 0, sizeof (re)); before passing &re
to re_compile_pattern (or rely on some other zero initialization) and if you
need, set some fields in between.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID


http://sourceware.org/bugzilla/show_bug.cgi?id=5718
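
The calling convention described in the comment above, as an added example that is not part of the original message or of glibc: the pattern buffer is zeroed, fastmap and a case-folding translate table are set from malloc'd memory, and regfree releases all three. The function name search_folded and the sample strings are assumptions made for illustration.

```c
#define _GNU_SOURCE   /* exposes the GNU regex API; must precede every #include */
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns the offset of the first match of `pattern` in `text`, folding case
   through a translate table; -1 if there is no match, -2 on a setup,
   compile or internal matcher error.  (Hypothetical helper.) */
long search_folded(const char *pattern, const char *text)
{
    struct re_pattern_buffer re;
    long pos = -2;

    /* Zero everything first: buffer, allocated, fastmap and translate are
       read by re_compile_pattern and later released by regfree. */
    memset(&re, 0, sizeof re);

    /* Fields set "in between".  Both must come from malloc (or stay NULL)
       because regfree calls free on them. */
    re.fastmap = malloc(256);
    re.translate = malloc(256);
    if (re.fastmap != NULL && re.translate != NULL) {
        for (int c = 0; c < 256; c++)
            re.translate[c] = (unsigned char) tolower(c);

        re_set_syntax(RE_SYNTAX_POSIX_EXTENDED);
        const char *err = re_compile_pattern(pattern, strlen(pattern), &re);
        if (err == NULL) {
            int len = (int) strlen(text);
            pos = re_search(&re, text, len, 0, len, NULL);
        } else {
            fprintf(stderr, "compile failed: %s\n", err);
        }
    }

    regfree(&re);   /* frees buffer, fastmap and translate; NULL is fine */
    return pos;
}

int main(void)
{
    /* Constructed sample input. */
    printf("%ld\n", search_folded("hello", "Say HELLO"));
    return 0;
}
```

Pointing translate at a static or stack array instead would hand non-heap memory to free() inside regfree.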
