GNU bug report logs - #15307
minor fix to dfa.c


Package: grep;

Reported by: Aharon Robbins <arnold <at> skeeve.com>

Date: Sun, 8 Sep 2013 09:54:02 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.


From: Aharon Robbins <arnold <at> skeeve.com>
To: 15307 <at> debbugs.gnu.org
Subject: bug#15307: minor fix to dfa.c
Date: Sun, 08 Sep 2013 11:53:07 +0200
The following fix to dfa.c was suggested by a static checking tool.
I'm applying it in the gawk code base.

Basically, it's theoretically possible for len to have run off the end
of the `str' array.

Thanks,

Arnold

diff --git a/dfa.c b/dfa.c
index 8b79eb7..490a075 100644
--- a/dfa.c
+++ b/dfa.c
@@ -1038,7 +1038,8 @@ parse_bracket_exp (void)
                     /* This is in any case an invalid class name.  */
                     str[0] = '\0';
                 }
-              str[len] = '\0';
+              if (len < BRACKET_BUFFER_SIZE)
+                 str[len] = '\0';
 
               /* Fetch bracket.  */
               FETCH_WC (c, wc, _("unbalanced ["));
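
Review bot: The new guard on `str[len] = '\0';` skips termination entirely when `len >= BRACKET_BUFFER_SIZE`, so `str` is only safe to use afterwards if every path that reaches that state has already run the `str[0] = '\0';` visible in the context above, which this hunk does not show. A one-line comment stating that invariant, or an explicit else branch that sets `str[0] = '\0'`, would make the fix checkable from the code alone and keep the static checker's finding from resurfacing as a read of an unterminated buffer. Style nit: the body of the new `if` is indented three columns past the `if` where GNU style uses two.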




This bug report was last modified 11 years and 270 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.