Date: Mon, 18 Dec 2006 18:38:13 +0300
 From: "Dmitry V. Levin" <ldv@altlinux.org>
 Subject: gawk: do_match() invalid read
 To: bug-gawk@gnu.org

 Due to missing mounds check, do_match() may do invalid read in multibyte
 locales:

 $ printf '\n\n' |env -i gawk '{print match(""," *")}'
 1
 1
 $ printf '\n\n' |env -i LC_ALL=3Dru_RU.UTF-8 gawk '{print match(""," *")}'
 -1208299079
 134843273

 As you see, match() output in multibyte locale is wrong; valgrind reports
 about "Invalid read of size 4".


--- gawk-3.1.5/builtin.c.mbread	2007-01-12 13:23:55.000000000 +0100
+++ gawk-3.1.5/builtin.c	2007-01-12 13:24:41.000000000 +0100
@@ -2020,7 +2020,7 @@
 
 		rlength = REEND(rp, t1->stptr) - RESTART(rp, t1->stptr);	/* byte length */
 #ifdef MBS_SUPPORT
-		if (gawk_mb_cur_max > 1) {
+		if (rlength > 0 && gawk_mb_cur_max > 1) {
 			t1 = str2wstr(t1, & wc_indices);
 			rlength = wc_indices[rstart + rlength - 1] - wc_indices[rstart] + 1;
 			rstart = wc_indices[rstart];
@@ -2046,7 +2046,7 @@
 					subpat_start = s;
 					subpat_len = len = SUBPATEND(rp, t1->stptr, ii) - s;
 #ifdef MBS_SUPPORT
-					if (gawk_mb_cur_max > 1) {
+					if (len > 0 && gawk_mb_cur_max > 1) {
 						subpat_start = wc_indices[s];
 						subpat_len = wc_indices[s + len - 1] - subpat_start + 1;
 					}