GNU bug report logs - #32592
s with i modifier seems to work incorrectly

Previous Next

Package: sed;

Reported by: Saito Takaaki <tails.saito <at> gmail.com>

Date: Thu, 30 Aug 2018 14:44:01 UTC

Severity: normal

Tags: fixed

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #47 received at 32592 <at> debbugs.gnu.org (full text, mbox):

From: Jim Meyering <jim <at> meyering.net>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: Assaf Gordon <assafgordon <at> gmail.com>,
 "bug-gnulib <at> gnu.org List" <bug-gnulib <at> gnu.org>, bill-auger <at> peers.community,
 32592 <at> debbugs.gnu.org, tails.saito <at> gmail.com, Eric Blake <eblake <at> redhat.com>
Subject: Re: bug#32592: heap-use-after-free in regex module
Date: Thu, 6 Sep 2018 06:41:41 -0700

On Thu, Sep 6, 2018 at 12:18 AM Paul Eggert <eggert <at> cs.ucla.edu> wrote:
> Jim Meyering wrote:
> > I couldn't help but notice this nonsense right after the line
> > you inserted:
> >
> >            if (err == REG_NOMATCH)
> >              continue;
> >          }
> >
> > That is an "if (...) continue;" just before the closing brace of a
> > for-loop. Those two lines constitute a no-op and should be removed,
> > though not as part of your change.
>
> Actually I think the abovementioned code should be kept, and the nonsense comes
> from the fact that some code is missing after the "if". When err != REG_NOMATCH
> && err != REG_NOERROR, the function should exit the loop and return immediately,
> because there is a memory allocation error in a subroutine.
>
> What a coincidence that we would find two bugs right next to each other, huh?...

Indeed. Glad you realized that.
This bug report was last modified 6 years and 283 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.