Module Name: src
Committed By: christos
Date: Thu Feb 7 22:22:31 UTC 2019
Modified Files:
src/lib/libc/regex: regcomp.c
Log Message:
Add some better error handling from FreeBSD, although we don't
suffer from the same issue, since we don't decrement p->next, like
FreeBSD does because we don't have multibyte support (yet). We
choose to do this so we can fail faster and more predictably.
Here's the original FreeBSD message:
When passed the invalid regular expression "a**", the error is
eventually detected and seterr() is called. It sets p->error
appropriatly and p->next and p->end to nuls which is a never used char
nuls[10] which is zeros due to .bss initialization. Unfortunatly,
p_ere_exp() and p_simp_re() both have fall through cases where they set
the error, decrement p->next and access it which means a read from what
ever .bss variable comes before nuls.
Found with regex_test:repet_multi and CHERI bounds checking.
Reviewed by: ngie, pfg, emaste
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D10541
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/lib/libc/regex/regcomp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
