On Mon, Sep 05, 2016 at 05:44:57PM +0200, Johannes Schindelin wrote:

> The problem with that: mmap()ed memory is *not* NUL-terminated, yet the
> pickaxe code calls regexec() on it just the same.
> This problem has been reported by my colleague Chris Sidi.
> Please note that this patch series is a hot fix I applied to Git for
> Windows (the bug does not trigger a segmentation fault for me on Linux,
> strangely enough, but it is really a problem on Windows).

This has come up before, and I think somebody mentioned that on Linux,
you are OK unless the buffer ends right at a page boundary (i.e., the
buffer size is a multiple of the page size). I don't know if that's true
or not.

> So at least I have a workaround in place. Ideally, though, we would
> NUL-terminate the buffers only when needed, or somehow call regexec() on
> ptr/size parameters instead of passing a supposedly NUL-terminated
> string to it?

There's some discussion in:


and the thread below it. The quickest way to fix regexec() would be to
have everybody use the built-in GNU regex in compat/. People seemed
somewhat positive on that direction, but we never followed up.


Reply via email to