diff options
author | Rich Felker <dalias@aerifal.cx> | 2015-03-30 02:13:59 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2015-03-30 02:13:59 -0400 |
commit | ee6f8114dfc02709f5df7f19bff0d774aef50fce (patch) | |
tree | 006b9cd7737d5d6f27367e3fe763680ff60d48eb /src | |
parent | 7987653d57b47d5dd8f90bd5b4f7736dd941a807 (diff) | |
download | musl-ee6f8114dfc02709f5df7f19bff0d774aef50fce.tar.gz musl-ee6f8114dfc02709f5df7f19bff0d774aef50fce.tar.bz2 musl-ee6f8114dfc02709f5df7f19bff0d774aef50fce.tar.xz musl-ee6f8114dfc02709f5df7f19bff0d774aef50fce.zip |
fix regcomp handling of backslash followed by high byte
the regex parser handles the (undefined) case of an unexpected byte
following a backslash as a literal. however, instead of correctly
decoding a character, it was treating the byte value itself as a
character. this was not only semantically unjustified, but turned out
to be dangerous on archs where plain char is signed: bytes in the
range 252-255 alias the internal codes -4 through -1 used for special
types of literal nodes in the AST.
analogous to commit 39dfd58417ef642307d90306e1c7e50aaec5a35c in
mainline. it's unclear whether the same crash that affected mainline
is possible in the older regcomp code in 1.0.x, but conceptually the
bug is the same.
Diffstat (limited to 'src')
-rw-r--r-- | src/regex/regcomp.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/src/regex/regcomp.c b/src/regex/regcomp.c index d9076275..01d42a8e 100644 --- a/src/regex/regcomp.c +++ b/src/regex/regcomp.c @@ -1298,10 +1298,7 @@ tre_parse(tre_parse_ctx_t *ctx) else { /* Escaped character. */ - result = tre_ast_new_literal(ctx->mem, *ctx->re, *ctx->re, - ctx->position); - ctx->position++; - ctx->re++; + goto parse_literal; } break; } |