Thanks for the review.

> Thanks, can you provide a test case that illustrates the problem? We
> could add it to the test suite.

I checked the values of both `p' and `end' after the first transit_state call in the following operation with GDB, but I have not been able to generate a core dump with this bug yet.

$ echo | env LC_ALL=ja_JP.eucJP src/grep '..........'

> Also, there are two calls to transit_state but that patch affects only
> one of them. Why shouldn't both calls be patched?

I only tested the first call of transit_state (because the above test case doesn't pass through the second call), but I think that we should also fix the second call, as you say.

From 350ef54e75a99e564c18c3d575e4985bbd438cd9 Mon Sep 17 00:00:00 2001 From: Norihiro Tanaka <nori...@kcn.ne.jp> Date: Mon, 29 Sep 2014 08:53:56 +0900 Subject: [PATCH] dfa: check end of an input buffer after a transition in non-UTF8 multibyte locales * src/dfa.c (dfaexec_main): Check end of an input buffer after a transition in non-UTF8 multibyte locales. --- src/dfa.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/dfa.c b/src/dfa.c index 4f45fff..7cbe247 100644 --- a/src/dfa.c +++ b/src/dfa.c @@ -3351,6 +3351,21 @@ dfaexec_main (struct dfa *d, char const *begin, char *end, /* Can match with a multibyte character (and multi character collating element). Transition table might be updated. */ s = transit_state (d, s, &p, (unsigned char *) end); + + if (p[-1] == eol) + { + if ((char *) p > end) + { + p = NULL; + goto done; + } + + nlcount++; + + if (!allow_nl) + s = 0; + } + mbp = p; trans = d->trans; } @@ -3399,6 +3414,21 @@ dfaexec_main (struct dfa *d, char const *begin, char *end, /* Can match with a multibyte character (and multicharacter collating element). Transition table might be updated. */ s = transit_state (d, s, &p, (unsigned char *) end); + + if (p[-1] == eol) + { + if ((char *) p > end) + { + p = NULL; + goto done; + } + + nlcount++; + + if (!allow_nl) + s = 0; + } + mbp = p; trans = d->trans; } -- 2.1.1
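
Review bot: In the first hunk (@@ -3351,6 +3351,21 @@), `p[-1] == eol` is evaluated before `(char *) p > end`, so the byte before p is read before it is known whether transit_state left p inside the buffer. If p can end up more than one byte past end, that read is outside the input. Consider testing `(char *) p > end` first, or add a comment stating the invariant that makes `p[-1]` safe to read at this point. Also, when p is past end but `p[-1]` is not eol, control falls through to `mbp = p; trans = d->trans;` and the loop continues; a comment explaining why that case cannot occur, or an explicit exit for it, would make the bounds handling easier to verify.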
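
Review bot: The second hunk (@@ -3399,6 +3414,21 @@) repeats the same 15 added lines as the first, so any later correction to the eol/end handling has to be made in two places. Consider moving the block into one helper or a shared label used after both transit_state calls. The diffstat lists only src/dfa.c, and the message says the grep command it gives does not exercise this second call, so this copy is untested as submitted; a test that reaches it would be worth adding alongside the patch.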