41 lines
1.3 KiB
Diff
41 lines
1.3 KiB
Diff
|
|
Date: Mon, 18 Dec 2006 18:38:13 +0300
|
|
From: "Dmitry V. Levin" <ldv@altlinux.org>
|
|
Subject: gawk: do_match() invalid read
|
|
To: bug-gawk@gnu.org
|
|
|
|
Due to missing mounds check, do_match() may do invalid read in multibyte
|
|
locales:
|
|
|
|
$ printf '\n\n' |env -i gawk '{print match(""," *")}'
|
|
1
|
|
1
|
|
$ printf '\n\n' |env -i LC_ALL=3Dru_RU.UTF-8 gawk '{print match(""," *")}'
|
|
-1208299079
|
|
134843273
|
|
|
|
As you see, match() output in multibyte locale is wrong; valgrind reports
|
|
about "Invalid read of size 4".
|
|
|
|
|
|
--- gawk-3.1.5/builtin.c.mbread 2007-01-12 13:23:55.000000000 +0100
|
|
+++ gawk-3.1.5/builtin.c 2007-01-12 13:24:41.000000000 +0100
|
|
@@ -2020,7 +2020,7 @@
|
|
|
|
rlength = REEND(rp, t1->stptr) - RESTART(rp, t1->stptr); /* byte length */
|
|
#ifdef MBS_SUPPORT
|
|
- if (gawk_mb_cur_max > 1) {
|
|
+ if (rlength > 0 && gawk_mb_cur_max > 1) {
|
|
t1 = str2wstr(t1, & wc_indices);
|
|
rlength = wc_indices[rstart + rlength - 1] - wc_indices[rstart] + 1;
|
|
rstart = wc_indices[rstart];
|
|
@@ -2046,7 +2046,7 @@
|
|
subpat_start = s;
|
|
subpat_len = len = SUBPATEND(rp, t1->stptr, ii) - s;
|
|
#ifdef MBS_SUPPORT
|
|
- if (gawk_mb_cur_max > 1) {
|
|
+ if (len > 0 && gawk_mb_cur_max > 1) {
|
|
subpat_start = wc_indices[s];
|
|
subpat_len = wc_indices[s + len - 1] - subpat_start + 1;
|
|
}
|