In perl.git, the branch blead has been updated

<http://perl5.git.perl.org/perl.git/commitdiff/1443c94c5785506d57ff756925baa65702a6cf98?hp=6703dff2fdca09b5e94caa860a909c14a1ffdaa2>

- Log -----------------------------------------------------------------
commit 1443c94c5785506d57ff756925baa65702a6cf98
Author: David Mitchell <[email protected]>
Date:   Fri Oct 19 10:14:56 2012 +0100

    regmatch(): fix out bounds array access
    
    The code for EXACTF and similar tests that
    
        UCHARAT(s) != fold_array[nextchr]
    
    but doesn't check first that nextchr != NEXTCHR_EOS (-10), so it can
    access the byte 10 bytes before the start of one of the PL_fold_latin1 or
    similar arrays. Although undesirable, it's harmless, as the worst it can
    achieve is a false positive match of the first char of the EXACTF string,
    which will then still fail on a full compare of the string.

M       regexec.c

commit e6ca698ca4309632ab09826ad47492d2934e10bd
Author: David Mitchell <[email protected]>
Date:   Thu Oct 18 19:54:20 2012 +0100

    regmatch(): add asserts for legal values of nextchr
    
    nextchr should always hold the next *byte* of the string, or the
    special value NEXTCHR_EOS, so assert this. And when we're moving to the
    next char, nextchr shouldn't already be NEXTCHR_EOS.

M       regexec.c
-----------------------------------------------------------------------

Summary of changes:
 regexec.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/regexec.c b/regexec.c
index f25bce1..8ee8a8f 100644
--- a/regexec.c
+++ b/regexec.c
@@ -3658,6 +3658,7 @@ S_regmatch(pTHX_ regmatch_info *reginfo, char *startpos, 
regnode *prog)
       reenter_switch:
 
         SET_nextchr;
+        assert(nextchr < 256 && (nextchr >= 0 || nextchr == NEXTCHR_EOS));
 
        switch (state_num) {
        case BOL: /*  /^../  */
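Review bot: The added `assert(nextchr < 256 && (nextchr >= 0 || nextchr == NEXTCHR_EOS))` states the invariant but does not enforce it at run time if, as is usual for perl, assert() compiles to nothing outside DEBUGGING builds. The same applies to `assert(!NEXTCHR_IS_EOS)` in the increment_locinput hunk, where `PL_utf8skip[nextchr]` is indexed on the very next statement and a negative nextchr would read before the table and advance locinput by whatever byte is found there. A short comment next to SET_nextchr would make the rule explicit for future cases, for example `/* nextchr is a byte 0..255 or the negative NEXTCHR_EOS; test NEXTCHR_IS_EOS before using it as an array index */`. S_regmatch starts and ends outside both hunks, so whether every path to increment_locinput already excludes EOS cannot be confirmed from here.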
@@ -4205,8 +4206,9 @@ S_regmatch(pTHX_ regmatch_info *reginfo, char *startpos, 
regnode *prog)
            }
 
            /* Neither the target nor the pattern are utf8 */
-           if (UCHARAT(s) != nextchr &&
-               UCHARAT(s) != fold_array[nextchr])
+           if (UCHARAT(s) != nextchr
+                && !NEXTCHR_IS_EOS
+               && UCHARAT(s) != fold_array[nextchr])
            {
                sayNO;
            }
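Review bot: With `!NEXTCHR_IS_EOS` added as a conjunct, an end-of-string nextchr makes the whole condition false, so the quick `sayNO` is skipped rather than taken and rejection is left to the length check or full compare that follows the hunk (not visible here). That agrees with the commit message, but the dependency deserves a comment on the guard, for example `/* at EOS skip the fold lookup (nextchr is negative); the length check below rejects */`, so that a later edit to the downstream check cannot turn end-of-string into a match. The `&& !NEXTCHR_IS_EOS` line also appears to be indented one column differently from the conjunct after it. The enclosing case in S_regmatch begins and ends outside the hunk.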
@@ -6326,6 +6328,7 @@ NULL
         /* this is a point to jump to in order to increment
          * locinput by one character */
         increment_locinput:
+            assert(!NEXTCHR_IS_EOS);
             if (utf8_target) {
                 locinput += PL_utf8skip[nextchr];
                 /* locinput is allowed to go 1 char off the end, but not 2+ */

--
Perl5 Master Repository
