summaryrefslogtreecommitdiff
path: root/src/regex/regexec.c
AgeCommit message (Collapse)AuthorFilesLines
2017-03-14fix free of uninitialized buffer pointer on error in regexecRich Felker1-3/+3
the fix in commit c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 for CVE-2016-8859 used gotos to exit on overflow conditions, but the code in that error path assumed the buffer pointer was valid or null. thus, the conditions which previously led to under-allocation and buffer overflow could instead lead to an invalid pointer being passed to free.
2016-10-06fix regexec with haystack strings longer than INT_MAXRich Felker1-26/+28
we inherited from TRE regexec code that's utterly wrong with respect to the integer types it's using. while it doesn't appear that compilers are producing unsafe output, signed integer overflows seem to happen, and regexec fails to find matches past offset INT_MAX. this patch fixes the type of all variables/fields used to store offsets in the string from int to regoff_t. after the changes, basic testing showed that regexec can now find matches past 2GB (INT_MAX) and past 4GB on x86_64, and code generation is unchanged on i386.
2016-10-06fix missing integer overflow checks in regexec buffer size computationsRich Felker1-5/+18
most of the possible overflows were already ruled out in practice by regcomp having already succeeded performing larger allocations. however at least the num_states*num_tags multiplication can clearly overflow in practice. for safety, check them all, and use the proper type, size_t, rather than int. also improve comments, use calloc in place of malloc+memset, and remove bogus casts.
2014-09-05fix memory leak in regexec when input contains illegal sequenceSzabolcs Nagy1-5/+6
2014-07-17fix crash in regexec for nonzero nmatch argument with REG_NOSUBRich Felker1-0/+1
per POSIX, the nmatch and pmatch arguments are ignored when the regex was compiled with REG_NOSUB.
2013-02-01revert regex "cleanup" that seems unjustified and may break backtrackingRich Felker1-0/+3
it's not clear to me at the moment whether the code that was removed (and which is now being re-added) is needed, but it's far from being a no-op, and i don't want to risk breaking regex in this release.
2013-01-14regex: remove an unused local variable from regexecSzabolcs Nagy1-3/+0
pos_start local variable is not used in tre_tnfa_run_backtrack
2012-09-06use restrict everywhere it's required by c99 and/or posix 2008Rich Felker1-2/+2
to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
2012-04-14fix signedness error handling invalid multibyte sequences in regexecRich Felker1-2/+2
the "< 0" test was always false due to use of an unsigned type. this resulted in infinite loops on 32-bit machines (adding -1U to a pointer is the same as adding -1) and crashes on 64-bit machines (offsetting the string pointer by 4gb-1b when an illegal sequence was hit).
2012-03-20upgrade to latest upstream TRE regex code (0.8.0)Rich Felker1-241/+145
the main practical results of this change are 1. the regex code is no longer subject to LGPL; it's now 2-clause BSD 2. most (all?) popular nonstandard regex extensions are supported I hesitate to call this a "sync" since both the old and new code are heavily modified. in one sense, the old code was "more severely" modified, in that it was actively hostile to non-strictly-conforming expressions. on the other hand, the new code has eliminated the useless translation of the entire regex string to wchar_t prior to compiling, and now only converts multibyte character literals as needed. in the future i may use this modified TRE as a basis for writing the long-planned new regex engine that will avoid multibyte-to-wide character conversion entirely by compiling multibyte bracket expressions specific to UTF-8.
2011-04-07fix bug in TRE found by clang (typo && instead of &)Rich Felker1-1/+1
2011-02-12initial check-in, version 0.5.0v0.5.0Rich Felker1-0/+1107