This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.
Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]
GNU C Library master sources branch, master, updated. glibc-2.11-163-g5ddf954

From: drepper at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 22 Jan 2010 18:24:44 -0000
Subject: GNU C Library master sources branch, master, updated. glibc-2.11-163-g5ddf954
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  5ddf954cf19d43f54ba44f487427d210952e1236 (commit)
       via  4f08104cbf07d87a42c389f2af17f87c445e59d5 (commit)
       via  0dae5d4ec1740b511af97c600df1ceea37ada73d (commit)
       via  22364644882b6cf426ed13be5b6480c3a9210eb1 (commit)
       via  54dd0ab31fe2b2168ba1a6180a0c05941fb54b3c (commit)
      from  e3b7670be21d6992e3ca9ee1ad3a5d08eb3a24c9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5ddf954cf19d43f54ba44f487427d210952e1236

commit 5ddf954cf19d43f54ba44f487427d210952e1236
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Fri Jan 22 10:22:53 2010 -0800

    Simplify test in re_string_skip_chars.

diff --git a/ChangeLog b/ChangeLog
index 60f7107..14e3199 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-01-22  Ulrich Drepper  <drepper@redhat.com>
+
+	* posix/regex_internal.c (re_string_skip_chars): Simplify test for
+	failed mbrtowc call.
+
 2010-01-22  Jim Meyering  <jim@meyering.net>
 
 	[BZ #11186]
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index 976dbfc..8183a29 100644
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -500,7 +500,7 @@ re_string_skip_chars (re_string_t *pstr, int new_raw_idx, wint_t *last_wc)
       prev_st = pstr->cur_state;
       mbclen = __mbrtowc (&wc2, (const char *) pstr->raw_mbs + rawbuf_idx,
 			  remain_len, &pstr->cur_state);
-      if (BE (mbclen == (size_t) -2 || mbclen == (size_t) -1 || mbclen == 0, 0))
+      if (BE ((ssize_t) mbclen <= 0, 0))
 	{
 	  /* We treat these cases as a single byte character.  */
 	  if (mbclen == 0 || remain_len == 0)

http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4f08104cbf07d87a42c389f2af17f87c445e59d5

commit 4f08104cbf07d87a42c389f2af17f87c445e59d5
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Fri Jan 22 10:17:45 2010 -0800

    regex_internal.c: don't assume WEOF fits in wchar_t

diff --git a/ChangeLog b/ChangeLog
index 01257e6..60f7107 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2010-01-22  Jim Meyering  <jim@meyering.net>
 
+	[BZ #11186]
+	* posix/regex_internal.c (re_string_skip_chars): Don't assume WEOF
+	fits in wchar_t.  Problem reported by Eric Blake.
+
 	[BZ #11185]
 	* posix/regex_internal.c (re_string_reconstruct): Remove declaration
 	and stores into set-but-not-used local, "q".
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index 95f2a0e..976dbfc 100644
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -489,16 +489,16 @@ re_string_skip_chars (re_string_t *pstr, int new_raw_idx, wint_t *last_wc)
   mbstate_t prev_st;
   int rawbuf_idx;
   size_t mbclen;
-  wchar_t wc = WEOF;
+  wint_t wc = WEOF;
 
   /* Skip the characters which are not necessary to check.  */
   for (rawbuf_idx = pstr->raw_mbs_idx + pstr->valid_raw_len;
        rawbuf_idx < new_raw_idx;)
     {
-      int remain_len;
-      remain_len = pstr->len - rawbuf_idx;
+      wchar_t wc2;
+      int remain_len = pstr->len - rawbuf_idx;
       prev_st = pstr->cur_state;
-      mbclen = __mbrtowc (&wc, (const char *) pstr->raw_mbs + rawbuf_idx,
+      mbclen = __mbrtowc (&wc2, (const char *) pstr->raw_mbs + rawbuf_idx,
 			  remain_len, &pstr->cur_state);
       if (BE (mbclen == (size_t) -2 || mbclen == (size_t) -1 || mbclen == 0, 0))
 	{
@@ -510,10 +510,12 @@ re_string_skip_chars (re_string_t *pstr, int new_raw_idx, wint_t *last_wc)
 	  mbclen = 1;
 	  pstr->cur_state = prev_st;
 	}
+      else
+	wc = (wint_t) wc2;
       /* Then proceed the next character.  */
       rawbuf_idx += mbclen;
     }
-  *last_wc = (wint_t) wc;
+  *last_wc = wc;
   return rawbuf_idx;
 }
 #endif /* RE_ENABLE_I18N  */

http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0dae5d4ec1740b511af97c600df1ceea37ada73d

commit 0dae5d4ec1740b511af97c600df1ceea37ada73d
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Fri Jan 22 09:57:30 2010 -0800

    regex_internal.c: remove useless variable and the code to set it.

diff --git a/ChangeLog b/ChangeLog
index 98c36d5..01257e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2010-01-22  Jim Meyering  <jim@meyering.net>
 
+	[BZ #11185]
+	* posix/regex_internal.c (re_string_reconstruct): Remove declaration
+	and stores into set-but-not-used local, "q".
+
 	[BZ #11184]
 	* posix/regex_internal.c (re_dfa_add_node): Extend the overflow
 	detection test.  Patch by Paul Eggert.
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index 67c174a..95f2a0e 100644
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -701,7 +701,7 @@ re_string_reconstruct (re_string_t *pstr, int idx, int eflags)
 
 	      if (pstr->is_utf8)
 		{
-		  const unsigned char *raw, *p, *q, *end;
+		  const unsigned char *raw, *p, *end;
 
 		  /* Special case UTF-8.  Multi-byte chars start with any
 		     byte other than 0x80 - 0xbf.  */
@@ -730,13 +730,11 @@ re_string_reconstruct (re_string_t *pstr, int idx, int eflags)
 			  unsigned char buf[6];
 			  size_t mbclen;
 
-			  q = p;
 			  if (BE (pstr->trans != NULL, 0))
 			    {
 			      int i = mlen < 6 ? mlen : 6;
 			      while (--i >= 0)
 				buf[i] = pstr->trans[p[i]];
-			      q = buf;
 			    }
 			  /* XXX Don't use mbrtowc, we know which conversion
 			     to use (UTF-8 -> UCS4).  */

http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=22364644882b6cf426ed13be5b6480c3a9210eb1

commit 22364644882b6cf426ed13be5b6480c3a9210eb1
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Fri Jan 22 09:48:35 2010 -0800

    Extend overflow detection in re_dfa_add_node.

diff --git a/ChangeLog b/ChangeLog
index 7afc90c..98c36d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2010-01-22  Jim Meyering  <jim@meyering.net>
 
+	[BZ #11184]
+	* posix/regex_internal.c (re_dfa_add_node): Extend the overflow
+	detection test.  Patch by Paul Eggert.
+
+	[BZ #11183]
 	* posix/regex_internal.c (re_string_realloc_buffers):
 	Detect and handle internal overflow.  Patch by Paul Eggert
 
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index 690ed8d..67c174a 100644
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -1411,8 +1411,11 @@ re_dfa_add_node (re_dfa_t *dfa, re_token_t token)
       re_node_set *new_edests, *new_eclosures;
       re_token_t *new_nodes;
 
-      /* Avoid overflows.  */
-      if (BE (new_nodes_alloc < dfa->nodes_alloc, 0))
+      /* Avoid overflows in realloc.  */
+      const size_t max_object_size = MAX (sizeof (re_token_t),
+					  MAX (sizeof (re_node_set),
+					       sizeof (int)));
+      if (BE (SIZE_MAX / max_object_size < new_nodes_alloc, 0))
 	return -1;
 
       new_nodes = re_realloc (dfa->nodes, re_token_t, new_nodes_alloc);

http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=54dd0ab31fe2b2168ba1a6180a0c05941fb54b3c

commit 54dd0ab31fe2b2168ba1a6180a0c05941fb54b3c
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Fri Jan 22 09:33:01 2010 -0800

    regex: avoid internal re_realloc overflow

diff --git a/ChangeLog b/ChangeLog
index 75c3043..7afc90c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-01-22  Jim Meyering  <jim@meyering.net>
+
+	* posix/regex_internal.c (re_string_realloc_buffers):
+	Detect and handle internal overflow.  Patch by Paul Eggert
+
 2010-01-20  Andreas Schwab  <schwab@redhat.com>
 
 	* sysdeps/unix/sysv/linux/s390/s390-32/____longjmp_chk.c
diff --git a/posix/regex_internal.c b/posix/regex_internal.c
index ff28e5f..690ed8d 100644
--- a/posix/regex_internal.c
+++ b/posix/regex_internal.c
@@ -133,7 +133,14 @@ re_string_realloc_buffers (re_string_t *pstr, int new_buf_len)
 #ifdef RE_ENABLE_I18N
   if (pstr->mb_cur_max > 1)
     {
-      wint_t *new_wcs = re_realloc (pstr->wcs, wint_t, new_buf_len);
+      wint_t *new_wcs;
+
+      /* Avoid overflow in realloc.  */
+      const size_t max_object_size = MAX (sizeof (wint_t), sizeof (int));
+      if (BE (SIZE_MAX / max_object_size < new_buf_len, 0))
+	return REG_ESPACE;
+
+      new_wcs = re_realloc (pstr->wcs, wint_t, new_buf_len);
       if (BE (new_wcs == NULL, 0))
 	return REG_ESPACE;
       pstr->wcs = new_wcs;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog              |   23 +++++++++++++++++++++++
 posix/regex_internal.c |   34 ++++++++++++++++++++++------------
 2 files changed, 45 insertions(+), 12 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources
Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]