]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - src/patches/glibc/glibc-rh757888.patch
projects / people / teissler / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'origin/next' into thirteen
[people/teissler/ipfire-2.x.git] / src / patches / glibc / glibc-rh757888.patch
1 commit f3a6cc0a560a17f32a3e90d2f20501a53cab6058
2 Author: Andreas Schwab <schwab@redhat.com>
3 Date: Tue Nov 29 10:52:22 2011 +0100
4
5 Fix access after end of search string in regex matcher
6
7 diff --git a/locale/weight.h b/locale/weight.h
8 index dc70a00..967e176 100644
9 --- a/locale/weight.h
10 +++ b/locale/weight.h
11 @@ -1,4 +1,4 @@
12 -/* Copyright (C) 1996,1997,1998,1999,2000,2003,2004 Free Software Foundation, Inc.
13 +/* Copyright (C) 1996,1997,1998,1999,2000,2003,2004,2011 Free Software Foundation, Inc.
14 This file is part of the GNU C Library.
15 Written by Ulrich Drepper, <drepper@cygnus.com>.
16
17 @@ -20,7 +20,7 @@
18 /* Find index of weight. */
19 auto inline int32_t
20 __attribute ((always_inline))
21 -findidx (const unsigned char **cpp)
22 +findidx (const unsigned char **cpp, size_t len)
23 {
24 int_fast32_t i = table[*(*cpp)++];
25 const unsigned char *cp;
26 @@ -34,6 +34,7 @@ findidx (const unsigned char **cpp)
27 Search for the correct one. */
28 cp = &extra[-i];
29 usrc = *cpp;
30 + --len;
31 while (1)
32 {
33 size_t nhere;
34 @@ -56,7 +57,7 @@ findidx (const unsigned char **cpp)
35 already. */
36 size_t cnt;
37
38 - for (cnt = 0; cnt < nhere; ++cnt)
39 + for (cnt = 0; cnt < nhere && cnt < len; ++cnt)
40 if (cp[cnt] != usrc[cnt])
41 break;
42
43 @@ -79,13 +80,13 @@ findidx (const unsigned char **cpp)
44 size_t cnt;
45 size_t offset = 0;
46
47 - for (cnt = 0; cnt < nhere; ++cnt)
48 + for (cnt = 0; cnt < nhere && cnt < len; ++cnt)
49 if (cp[cnt] != usrc[cnt])
50 break;
51
52 if (cnt != nhere)
53 {
54 - if (cp[cnt] > usrc[cnt])
55 + if (cnt == len || cp[cnt] > usrc[cnt])
56 {
57 /* Cannot be in this range. */
58 cp += 2 * nhere;
59 diff --git a/locale/weightwc.h b/locale/weightwc.h
60 index 9ea1126..7862091 100644
61 --- a/locale/weightwc.h
62 +++ b/locale/weightwc.h
63 @@ -1,4 +1,4 @@
64 -/* Copyright (C) 1996-2001,2003,2004,2005,2007 Free Software Foundation, Inc.
65 +/* Copyright (C) 1996-2001,2003,2004,2005,2007,2011 Free Software Foundation, Inc.
66 This file is part of the GNU C Library.
67 Written by Ulrich Drepper, <drepper@cygnus.com>.
68
69 @@ -20,7 +20,7 @@
70 /* Find index of weight. */
71 auto inline int32_t
72 __attribute ((always_inline))
73 -findidx (const wint_t **cpp)
74 +findidx (const wint_t **cpp, size_t len)
75 {
76 wint_t ch = *(*cpp)++;
77 int32_t i = __collidx_table_lookup ((const char *) table, ch);
78 @@ -32,6 +32,7 @@ findidx (const wint_t **cpp)
79 /* Oh well, more than one sequence starting with this byte.
80 Search for the correct one. */
81 const int32_t *cp = (const int32_t *) &extra[-i];
82 + --len;
83 while (1)
84 {
85 size_t nhere;
86 @@ -54,7 +55,7 @@ findidx (const wint_t **cpp)
87 already. */
88 size_t cnt;
89
90 - for (cnt = 0; cnt < nhere; ++cnt)
91 + for (cnt = 0; cnt < nhere && cnt < len; ++cnt)
92 if (cp[cnt] != usrc[cnt])
93 break;
94
95 @@ -75,7 +76,7 @@ findidx (const wint_t **cpp)
96 size_t cnt;
97 size_t offset;
98
99 - for (cnt = 0; cnt < nhere - 1; ++cnt)
100 + for (cnt = 0; cnt < nhere - 1 && cnt < len; ++cnt)
101 if (cp[cnt] != usrc[cnt])
102 break;
103
104 diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
105 index 18a6667..72bd3ee 100644
106 --- a/posix/fnmatch_loop.c
107 +++ b/posix/fnmatch_loop.c
108 @@ -412,7 +412,7 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
109 _NL_CURRENT (LC_COLLATE, _NL_COLLATE_INDIRECTMB);
110 # endif
111
112 - idx = findidx (&cp);
113 + idx = findidx (&cp, 1);
114 if (idx != 0)
115 {
116 /* We found a table entry. Now see whether the
117 @@ -422,7 +422,7 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
118 int32_t idx2;
119 const UCHAR *np = (const UCHAR *) n;
120
121 - idx2 = findidx (&np);
122 + idx2 = findidx (&np, string_end - n);
123 if (idx2 != 0
124 && (idx >> 24) == (idx2 >> 24)
125 && len == weights[idx2 & 0xffffff])
126 diff --git a/posix/regcomp.c b/posix/regcomp.c
127 index b238c08..34ee845 100644
128 --- a/posix/regcomp.c
129 +++ b/posix/regcomp.c
130 @@ -1,5 +1,5 @@
131 /* Extended regular expression matching and search library.
132 - Copyright (C) 2002-2007,2009,2010 Free Software Foundation, Inc.
133 + Copyright (C) 2002-2007,2009,2010,2011 Free Software Foundation, Inc.
134 This file is part of the GNU C Library.
135 Contributed by Isamu Hasegawa <isamu@yamato.ibm.com>.
136
137 @@ -3409,19 +3409,18 @@ build_equiv_class (bitset_t sbcset, const unsigned char *name)
138 _NL_COLLATE_EXTRAMB);
139 indirect = (const int32_t *) _NL_CURRENT (LC_COLLATE,
140 _NL_COLLATE_INDIRECTMB);
141 - idx1 = findidx (&cp);
142 - if (BE (idx1 == 0 || cp < name + strlen ((const char *) name), 0))
143 + idx1 = findidx (&cp, -1);
144 + if (BE (idx1 == 0 || *cp != '\0', 0))
145 /* This isn't a valid character. */
146 return REG_ECOLLATE;
147
148 /* Build single byte matcing table for this equivalence class. */
149 - char_buf[1] = (unsigned char) '\0';
150 len = weights[idx1 & 0xffffff];
151 for (ch = 0; ch < SBC_MAX; ++ch)
152 {
153 char_buf[0] = ch;
154 cp = char_buf;
155 - idx2 = findidx (&cp);
156 + idx2 = findidx (&cp, 1);
157 /*
158 idx2 = table[ch];
159 */
160
161 --- a/posix/regex_internal.h 2011-11-30 12:47:02.706567482 -0700
162 +++ a/posix/regex_internal.h 2011-11-30 12:47:32.969558337 -0700
163 @@ -756,7 +756,7 @@
164 indirect = (const int32_t *) _NL_CURRENT (LC_COLLATE,
165 _NL_COLLATE_INDIRECTMB);
166 p = pstr->mbs + idx;
167 - tmp = findidx (&p);
168 + tmp = findidx (&p, pstr->len - idx);
169 return p - pstr->mbs - idx;
170 }
171 else
172 diff --git a/posix/regexec.c b/posix/regexec.c
173 index 9e0c565..3ea810b 100644
174 --- a/posix/regexec.c
175 +++ b/posix/regexec.c
176 @@ -3924,7 +3924,7 @@ check_node_accept_bytes (const re_dfa_t *dfa, int node_idx,
177 _NL_CURRENT (LC_COLLATE, _NL_COLLATE_EXTRAMB);
178 indirect = (const int32_t *)
179 _NL_CURRENT (LC_COLLATE, _NL_COLLATE_INDIRECTMB);
180 - int32_t idx = findidx (&cp);
181 + int32_t idx = findidx (&cp, elem_len);
182 if (idx > 0)
183 for (i = 0; i < cset->nequiv_classes; ++i)
184 {
185 diff --git a/string/strcoll_l.c b/string/strcoll_l.c
186 index d8d1139..fb77d08 100644
187 --- a/string/strcoll_l.c
188 +++ b/string/strcoll_l.c
189 @@ -1,4 +1,4 @@
190 -/* Copyright (C) 1995-1997,2002,2004,2007,2010 Free Software Foundation, Inc.
191 +/* Copyright (C) 1995-1997,2002,2004,2007,2010,2011 Free Software Foundation, Inc.
192 This file is part of the GNU C Library.
193 Written by Ulrich Drepper <drepper@gnu.org>, 1995.
194
195 @@ -205,7 +205,7 @@ STRCOLL (s1, s2, l)
196
197 while (*us1 != L('\0'))
198 {
199 - int32_t tmp = findidx (&us1);
200 + int32_t tmp = findidx (&us1, -1);
201 rule1arr[idx1max] = tmp >> 24;
202 idx1arr[idx1max] = tmp & 0xffffff;
203 idx1cnt = idx1max++;
204 @@ -267,7 +267,7 @@ STRCOLL (s1, s2, l)
205
206 while (*us2 != L('\0'))
207 {
208 - int32_t tmp = findidx (&us2);
209 + int32_t tmp = findidx (&us2, -1);
210 rule2arr[idx2max] = tmp >> 24;
211 idx2arr[idx2max] = tmp & 0xffffff;
212 idx2cnt = idx2max++;
213 diff --git a/string/strxfrm_l.c b/string/strxfrm_l.c
214 index 220253c..b06556d 100644
215 --- a/string/strxfrm_l.c
216 +++ b/string/strxfrm_l.c
217 @@ -176,7 +176,7 @@ STRXFRM (STRING_TYPE *dest, const STRING_TYPE *src, size_t n, __locale_t l)
218 idxmax = 0;
219 do
220 {
221 - int32_t tmp = findidx (&usrc);
222 + int32_t tmp = findidx (&usrc, -1);
223 rulearr[idxmax] = tmp >> 24;
224 idxarr[idxmax] = tmp & 0xffffff;
225
Timo's tree of IPFire 2.x