FYI, here's a fix: tests/fmbtest.sh provokes the failure, too, so I'm not planning to add a test case.
>From 60a7e46a1c3ff186c373e776958ea02437b686ef Mon Sep 17 00:00:00 2001 From: Jim Meyering <[email protected]> Date: Wed, 23 Dec 2009 18:59:30 +0100 Subject: [PATCH] fix multi-byte-locale read-beyond-end-of-buffer error Avoid read-beyond-end-of-buffer errors, evoked by running this: LC_ALL=en_US.UTF-8 valgrind src/grep -f <(printf 'a\nb\n') <(echo c) Conditional jump or move depends on uninitialised value(s) at 0x78136D: __gconv_transform_utf8_internal (in /lib/libc-2.11.so) by 0x7E7232: mbrtowc (in /lib/libc-2.11.so) by 0x8055773: dfaexec (dfa.c:2816) by 0x804D7B0: EGexecute (search.c:353) by 0x804ACD8: grepbuf (grep.c:1036) by 0x804B023: grep (grep.c:1156) by 0x804B460: grepfile (grep.c:1287) by 0x804CF0D: main (grep.c:2282) Conditional jump or move depends on uninitialised value(s) at 0x7E7248: mbrtowc (in /lib/libc-2.11.so) by 0x8055773: dfaexec (dfa.c:2816) by 0x804D7B0: EGexecute (search.c:353) by 0x804ACD8: grepbuf (grep.c:1036) by 0x804B023: grep (grep.c:1156) by 0x804B460: grepfile (grep.c:1287) by 0x804CF0D: main (grep.c:2282) * src/dfa.c (dfaexec) [MBS_SUPPORT]: Do not access one byte beyond end of buffer. --- src/dfa.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/dfa.c b/src/dfa.c index d1d7f25..b50f98a 100644 --- a/src/dfa.c +++ b/src/dfa.c @@ -2808,13 +2808,13 @@ dfaexec (struct dfa *d, char const *begin, size_t size, int *backref) MALLOC(inputwcs, wchar_t, end - (unsigned char const *)begin + 2); memset(&mbs, 0, sizeof(mbstate_t)); remain_bytes = 0; - for (i = 0; i < end - (unsigned char const *)begin + 1; i++) + for (i = 0; i < end - (unsigned char const *)begin; i++) { if (remain_bytes == 0) { remain_bytes = mbrtowc(inputwcs + i, begin + i, - end - (unsigned char const *)begin - i + 1, &mbs); + end - (unsigned char const *)begin - i, &mbs); if (remain_bytes <= 1) { remain_bytes = 0; -- 1.6.6.rc4.284.gb0b11
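
Review bot: With the loop bound in dfaexec reduced from `end - (unsigned char const *)begin + 1` to `end - (unsigned char const *)begin`, the loop no longer stores anything at `inputwcs[end - begin]`, while the MALLOC just above it still sizes the array at `end - (unsigned char const *)begin + 2`. Please confirm that the code following the loop, which is not visible in this hunk, initialises that trailing slot before it is read; otherwise the one-byte over-read of the input is exchanged for a read of an uninitialised wchar_t. A one-line comment on the loop saying that `end` is exclusive, and that the byte at `*end` must not be passed to mbrtowc, would help keep the `+ 1` from being reintroduced in both the loop condition and the mbrtowc length argument. The commit message shows the error only as a valgrind report, so it would also help to state in the log whether tests/fmbtest.sh is run under valgrind, since that determines whether it would catch a regression here.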
