From: Bruno Haible <bruno@clisp.org>
Date: Mon, 7 Feb 2005 11:43:19 +0000 (+0000)
Subject: Avoid buffer overrun when the string does not end in a newline.
X-Git-Tag: v0.14.2~98
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=095c898e3c2bbc18121c7493de3dd84cd7afdf90;p=thirdparty%2Fgettext.git

Avoid buffer overrun when the string does not end in a newline.
---

diff --git a/gettext-tools/libgrep/ChangeLog b/gettext-tools/libgrep/ChangeLog
index ff9be005c..37bc9d270 100644
--- a/gettext-tools/libgrep/ChangeLog
+++ b/gettext-tools/libgrep/ChangeLog
@@ -1,3 +1,8 @@
+2005-02-03  Bruno Haible  <bruno@clisp.org>
+
+	* dfa.c (dfaexec): Avoid continuing the loop past the end of the
+	string.
+
 2005-01-27  Bruno Haible  <bruno@clisp.org>
 
 	* dfa.c (parse_bracket_exp_mb): Don't confuse wctype_t with wchar_t.
diff --git a/gettext-tools/libgrep/dfa.c b/gettext-tools/libgrep/dfa.c
index cf949f848..b52ed6333 100644
--- a/gettext-tools/libgrep/dfa.c
+++ b/gettext-tools/libgrep/dfa.c
@@ -2802,6 +2802,12 @@ dfaexec (struct dfa *d, char const *begin, size_t size, int *backref)
       if (MB_CUR_MAX > 1)
 	while ((t = trans[s]))
 	  {
+	    if (p == end)
+	      {
+		free(mblen_buf);
+		free(inputwcs);
+		return (size_t) -1;
+	      }
 	    if (d->states[s].mbps.nelem != 0)
 	      {
 		/* Can match with a multibyte character( and multi character
@@ -2826,7 +2832,11 @@ dfaexec (struct dfa *d, char const *begin, size_t size, int *backref)
       else
 #endif /* MBS_SUPPORT */
         while ((t = trans[s]))
-	  s = t[*p++];
+	  {
+	    if (p == end)
+	      return (size_t) -1;
+	    s = t[*p++];
+	  }
 
       if (s < 0)
 	{