GNU bug report logs - #32271
heap buffer overflow in regexp.c, line 286

Previous Next

Package: sed;

Reported by: project-repo <bugs <at> feusi.co>

Date: Wed, 25 Jul 2018 14:34:01 UTC

Severity: normal

Tags: fixed

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #17 received at 32271 <at> debbugs.gnu.org (full text, mbox):

From: Assaf Gordon <assafgordon <at> gmail.com>
To: Jim Meyering <jim <at> meyering.net>
Cc: project-repo <bugs <at> feusi.co>, 32271 <at> debbugs.gnu.org
Subject: Re: bug#32271: heap buffer overflow in regexp.c, line 286
Date: Fri, 3 Aug 2018 19:58:46 -0600

tags 32271 fixed
close 32271
stop

On 02/08/18 09:15 AM, Jim Meyering wrote:
> On Fri, Jul 27, 2018 at 12:13 PM, Assaf Gordon <assafgordon <at> gmail.com> wrote:
>> On 25/07/18 08:34 AM, project-repo wrote:
>>>
>>> I let the fuzzer run again and it came up with a second heap buffer
>>> overflow. This time in regexp.c, line 286. Here is a backtrace as
>>> supplied by the address sanitizer:
>>>
>> The two attached patches should explain it in detail.
>>
>> As these changes are somewhat subtle, I encourage everyone to
>> double-check them...
> 
> Fine work, yet again. Thank you!
> I did spot one nit: the addition of two leading TAB bytes in the
> latter patch. Should be 8 spaces, of course:

Thanks for the review.

Pushed here:
https://git.savannah.gnu.org/cgit/sed.git/commit/?id=2cb09e14
https://git.savannah.gnu.org/cgit/sed.git/commit/?id=007a4176

-assaf

This bug report was last modified 6 years and 291 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #32271 heap buffer overflow in regexp.c, line 286

GNU bug report logs - #32271
heap buffer overflow in regexp.c, line 286