Age | Commit message | Author | Lines |
2017-03-14 | fix free of uninitialized buffer pointer on error in regexec | Rich Felker | -3/+3 |
|
the fix in commit c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 for
CVE-2016-8859 used gotos to exit on overflow conditions, but the code
in that error path assumed the buffer pointer was valid or null. thus,
the conditions which previously led to under-allocation and buffer
overflow could instead lead to an invalid pointer being passed to
free.
|
2016-10-06 | fix regexec with haystack strings longer than INT_MAX | Rich Felker | -26/+28 |
|
we inherited from TRE regexec code that's utterly wrong with respect
to the integer types it's using. while it doesn't appear that
compilers are producing unsafe output, signed integer overflows seem
to happen, and regexec fails to find matches past offset INT_MAX.
this patch fixes the type of all variables/fields used to store
offsets in the string from int to regoff_t. after the changes, basic
testing showed that regexec can now find matches past 2GB (INT_MAX)
and past 4GB on x86_64, and code generation is unchanged on i386.
|
2016-10-06 | fix missing integer overflow checks in regexec buffer size computations | Rich Felker | -5/+18 |
|
most of the possible overflows were already ruled out in practice by
regcomp having already succeeded performing larger allocations.
however at least the num_states*num_tags multiplication can clearly
overflow in practice. for safety, check them all, and use the proper
type, size_t, rather than int.
also improve comments, use calloc in place of malloc+memset, and
remove bogus casts.
|
2014-09-05 | fix memory leak in regexec when input contains illegal sequence | Szabolcs Nagy | -5/+6 |
|
2014-07-17 | fix crash in regexec for nonzero nmatch argument with REG_NOSUB | Rich Felker | -0/+1 |
|
per POSIX, the nmatch and pmatch arguments are ignored when the regex
was compiled with REG_NOSUB.
|
2013-02-01 | revert regex "cleanup" that seems unjustified and may break backtracking | Rich Felker | -0/+3 |
|
it's not clear to me at the moment whether the code that was removed
(and which is now being re-added) is needed, but it's far from being a
no-op, and i don't want to risk breaking regex in this release.
|
2013-01-14 | regex: remove an unused local variable from regexec | Szabolcs Nagy | -3/+0 |
|
pos_start local variable is not used in tre_tnfa_run_backtrack
|
2012-09-06 | use restrict everywhere it's required by c99 and/or posix 2008 | Rich Felker | -2/+2 |
|
to deal with the fact that the public headers may be used with pre-c99
compilers, __restrict is used in place of restrict, and defined
appropriately for any supported compiler. we also avoid the form
[restrict] since older versions of gcc rejected it due to a bug in the
original c99 standard, and instead use the form *restrict.
|
2012-04-14 | fix signedness error handling invalid multibyte sequences in regexec | Rich Felker | -2/+2 |
|
the "< 0" test was always false due to use of an unsigned type. this
resulted in infinite loops on 32-bit machines (adding -1U to a pointer
is the same as adding -1) and crashes on 64-bit machines (offsetting
the string pointer by 4gb-1b when an illegal sequence was hit).
|
2012-03-20 | upgrade to latest upstream TRE regex code (0.8.0) | Rich Felker | -241/+145 |
|
the main practical results of this change are
1. the regex code is no longer subject to LGPL; it's now 2-clause BSD
2. most (all?) popular nonstandard regex extensions are supported
I hesitate to call this a "sync" since both the old and new code are
heavily modified. in one sense, the old code was "more severely"
modified, in that it was actively hostile to non-strictly-conforming
expressions. on the other hand, the new code has eliminated the
useless translation of the entire regex string to wchar_t prior to
compiling, and now only converts multibyte character literals as
needed.
in the future i may use this modified TRE as a basis for writing the
long-planned new regex engine that will avoid multibyte-to-wide
character conversion entirely by compiling multibyte bracket
expressions specific to UTF-8.
|
2011-04-07 | fix bug in TRE found by clang (typo && instead of &) | Rich Felker | -1/+1 |
|
2011-02-12 | initial check-in, version 0.5.0 v0.5.0 | Rich Felker | -0/+1107 |
|