Re: regcomp() signedness issues

2025-01-01 Thread Christos Zoulas
In article <588d84f4-530a-4cc9-6f1b-757a9071e...@sdf.org>, RVP wrote: >On Sat, 28 Dec 2024, Christos Zoulas wrote: > >> In article >, >> enh wrote: >>> -=-=-=-=-=- >>> >>> a trivial fuzzer someone once wrote blew up on this input to regcomp() >>> [passed directly to regcomp() after adding a tra

Re: regcomp() signedness issues

2024-12-30 Thread RVP
On Sat, 28 Dec 2024, Christos Zoulas wrote: In article , enh wrote: -=-=-=-=-=- a trivial fuzzer someone once wrote blew up on this input to regcomp() [passed directly to regcomp() after adding a trailing '\0']: xxd ~/Downloads/clusterfuzz-testcase-minimized-regexec_fuzzer-5459313584832512

Re: regcomp() signedness issues

2024-12-29 Thread RVP
On Tue, 10 Dec 2024, enh wrote: looking at the netbsd regex source, it seems like all accesses to `bmp` _do_ all have appropriate `< NC` range checks, but because wint_t is signed, the checks are wrong for negative values. i think you want something like this patch: diff --git a/lib/libc/regex

Re: regcomp() signedness issues

2024-12-28 Thread Mouse
>> : 6a3a 5b5d 6a3a 5b5d 6a3a 5bd9 6a3a 5b5d j:[]j:[]j:[.j:[] > I can't reproduce this in current: > if ((e = regcomp(&re, "j:[]j:[]j:[.j:[]", REG_EXTENDED)) != 0) { > What am I doing wrong? Based on the Subject:, perhaps you're using a machine where plain char has opposite signe

Re: regcomp() signedness issues

2024-12-28 Thread Christos Zoulas
In article , enh wrote: >-=-=-=-=-=- > >a trivial fuzzer someone once wrote blew up on this input to regcomp() >[passed directly to regcomp() after adding a trailing '\0']: > >xxd >~/Downloads/clusterfuzz-testcase-minimized-regexec_fuzzer-5459313584832512 >: 6a3a 5b5d 6a3a 5b5d 6a3a 5bd9

Re: regcomp() signedness issues

2024-12-16 Thread Taylor R Campbell
Thanks, I've filed PR lib/58910: regcomp explodes on signedness issues (https://gnats.NetBSD.org/58910) to track this. First step will be to add some test cases to the ATF tests under src/tests/lib/libc/regex/ to make sure we're exercising all the relevant paths (may require some tweaks to handle

Re: regcomp() signedness issues

2024-12-16 Thread enh
thoughts? (i'm probably just addressing christos@ since i think he's Mr Regex :-) ) On Tue, Dec 10, 2024 at 2:06 PM enh wrote: > a trivial fuzzer someone once wrote blew up on this input to regcomp() > [passed directly to regcomp() after adding a trailing '\0']: > > xxd > ~/Downloads/clusterfuzz

regcomp() signedness issues

2024-12-10 Thread enh
a trivial fuzzer someone once wrote blew up on this input to regcomp() [passed directly to regcomp() after adding a trailing '\0']: xxd ~/Downloads/clusterfuzz-testcase-minimized-regexec_fuzzer-5459313584832512 : 6a3a 5b5d 6a3a 5b5d 6a3a 5bd9 6a3a 5b5d j:[]j:[]j:[.j:[] here: ==2830==ER