GNU bug report logs - #32592
s with i modifier seems to work incorrectly

Previous Next

Full log

View this message in rfc822 format

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Jim Meyering <jim <at> meyering.net>, Assaf Gordon <assafgordon <at> gmail.com>
Cc: bill-auger <at> peers.community, "bug-gnulib <at> gnu.org List" <bug-gnulib <at> gnu.org>, 32592 <at> debbugs.gnu.org, tails.saito <at> gmail.com, Eric Blake <eblake <at> redhat.com>
Subject: bug#32592: heap-use-after-free in regex module
Date: Thu, 6 Sep 2018 00:18:18 -0700

Jim Meyering wrote:
> I couldn't help but notice this nonsense right after the line
> you inserted:
> 
>            if (err == REG_NOMATCH)
>              continue;
>          }
> 
> That is an "if (...) continue;" just before the closing brace of a
> for-loop. Those two lines constitute a no-op and should be removed,
> though not as part of your change.

Actually I think the abovementioned code should be kept, and the nonsense comes 
from the fact that some code is missing after the "if". When err != REG_NOMATCH 
&& err != REG_NOERROR, the function should exit the loop and return immediately, 
because there is a memory allocation error in a subroutine.

What a coincidence that we would find two bugs right next to each other, huh?...

I filed a bug report against glibc, and unless there's an objection I would like 
to fix both bugs in glibc and propagate the fix into gnulib. Please see the 
glibc bug here:

https://sourceware.org/bugzilla/show_bug.cgi?id=23609

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.