CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/02/05 12:38:37
Modified files:
lib/libc/regex : regcomp.c
Log message:
Avoid an out of bounds read when regcomp() is passed a bad expression.
When an invalid regular expression is passed, seterr() is called which
sets p->error to the appropriate error code and sets p->next and
p->end to nuls[]. However, p->next is decremented in the default
case in p_ere_exp() and p_simp_re() which makes it point to one
byte before nuls[]. From FreeBSD. OK tedu@ deraadt@
