From bd9643b1353ec4751c6fe182b899bf9f171f6ee0 Mon Sep 17 00:00:00 2001 From: "Tim J. Robbins" Date: Sun, 21 Nov 2004 03:14:32 +0000 Subject: Fix computation of the 'n' argument to mbrtowc (through XMBRTOWC) to avoid reading past 'stop' in various places when converting multibyte characters. Reading too far caused truncation to not be detected when it should have been, eventually causing regexec() to loop infinitely in with certain combinations of patterns and strings in multibyte locales. PR: 74020 MFC after: 4 weeks --- lib/libc/regex/engine.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/libc/regex') diff --git a/lib/libc/regex/engine.c b/lib/libc/regex/engine.c index e6484ef6b8ba..f97a79b244d1 100644 --- a/lib/libc/regex/engine.c +++ b/lib/libc/regex/engine.c @@ -331,7 +331,7 @@ int eflags; NOTE("false alarm"); /* recycle starting later */ start = m->coldp + XMBRTOWC(NULL, m->coldp, - m->endp - m->coldp, &m->mbs, 0); + stop - m->coldp, &m->mbs, 0); assert(start <= stop); } @@ -807,7 +807,7 @@ sopno stopst; if (p == m->endp) c = OUT; else - clen = XMBRTOWC(&c, p, m->endp - p, &m->mbs, BADCHAR); + clen = XMBRTOWC(&c, p, stop - p, &m->mbs, BADCHAR); if (EQ(st, fresh)) coldp = p; @@ -861,7 +861,7 @@ sopno stopst; assert(coldp != NULL); m->coldp = coldp; if (ISSET(st, stopst)) - return(p+XMBRTOWC(NULL, p, m->endp - p, &m->mbs, 0)); + return(p+XMBRTOWC(NULL, p, stop - p, &m->mbs, 0)); else return(NULL); } @@ -913,7 +913,7 @@ sopno stopst; c = OUT; clen = 0; } else - clen = XMBRTOWC(&c, p, m->endp - p, &m->mbs, BADCHAR); + clen = XMBRTOWC(&c, p, stop - p, &m->mbs, BADCHAR); /* is there an EOL and/or BOL between lastc and c? */ flagch = '\0'; -- cgit v1.2.3