aboutsummaryrefslogtreecommitdiff
path: root/gnu/usr.bin
diff options
context:
space:
mode:
authorTim J. Robbins <tjr@FreeBSD.org>2004-07-04 14:00:25 +0000
committerTim J. Robbins <tjr@FreeBSD.org>2004-07-04 14:00:25 +0000
commit7358ecc6b677a471f927e6deb4dfe903f529860b (patch)
tree3411746a744f861a5ff52960e7f537a25e54cacc /gnu/usr.bin
parent8529ce7a875c5bec1e890ed874217f1c630fecbe (diff)
downloadsrc-7358ecc6b677a471f927e6deb4dfe903f529860b.tar.gz
src-7358ecc6b677a471f927e6deb4dfe903f529860b.zip
Avoid accessing accessing memory past the end of mb_properties in the
degenerate case of fgrep with an empty pattern in a multibyte locale. Found by phkmalloc.
Notes
Notes: svn path=/head/; revision=131569
Diffstat (limited to 'gnu/usr.bin')
-rw-r--r--gnu/usr.bin/grep/search.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/gnu/usr.bin/grep/search.c b/gnu/usr.bin/grep/search.c
index b8a1dcdcc5da..b2514a97ab05 100644
--- a/gnu/usr.bin/grep/search.c
+++ b/gnu/usr.bin/grep/search.c
@@ -552,7 +552,8 @@ Fexecute (char const *buf, size_t size, size_t *match_size, int exact)
if (offset == (size_t) -1)
goto failure;
#ifdef MBS_SUPPORT
- if (MB_CUR_MAX > 1 && mb_properties[offset+beg-buf] == 0)
+ if (MB_CUR_MAX > 1 && offset + beg - buf < size
+ && mb_properties[offset+beg-buf] == 0)
continue; /* It is a part of multibyte character. */
#endif /* MBS_SUPPORT */
beg += offset;
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 20:06:16 +0000