r4694 - in glibc-package/trunk/debian: . patches patches/any
Author: aurel32
Date: 2011-06-04 11:25:31 +0000 (Sat, 04 Jun 2011)
New Revision: 4694
Added:
glibc-package/trunk/debian/patches/any/cvs-regex-oom.diff
Modified:
glibc-package/trunk/debian/changelog
glibc-package/trunk/debian/patches/series
Log:
* Add patches/any/cvs-regex-oom.diff to fix an oom issue triggerable with
some regexes.
Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog 2011-06-04 11:19:30 UTC (rev 4693)
+++ glibc-package/trunk/debian/changelog 2011-06-04 11:25:31 UTC (rev 4694)
@@ -26,6 +26,8 @@
to fix brk(), semctl() and if_nameindex() bugs.
* Add patches/any/local-tst-writev.diff to fix compilation of tst-writev.c.
* Add breaks on packages which don't support multiarch paths.
+ * Add patches/any/cvs-regex-oom.diff to fix an oom issue triggerable with
+ some regexes.
[ Steve Langasek ]
* Tighten the dependency on dpkg to a multiarch aware version.
Added: glibc-package/trunk/debian/patches/any/cvs-regex-oom.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/cvs-regex-oom.diff (rev 0)
+++ glibc-package/trunk/debian/patches/any/cvs-regex-oom.diff 2011-06-04 11:25:31 UTC (rev 4694)
@@ -0,0 +1,102 @@
+2011-05-28 Ulrich Drepper <drepper@gmail.com>
+
+ [BZ #12811]
+ * posix/regex_internal.c (build_wcs_buffer): Don't signal we have to
+ grow the buffers more if it already has to be sufficient.
+ (build_wcs_upper_buffer): Likewise.
+ * posix/regexec.c (check_matching): Likewise.
+ (clean_state_log_if_needed): Likewise.
+ (extend_buffers): Don't enlarge buffers beyond size of the input
+ buffer.
+ Patches mostly by Emil Wojak <emil@wojak.eu>.
+
+diff --git a/posix/regex_internal.c b/posix/regex_internal.c
+index 8183a29..285ae3b 100644
+--- a/posix/regex_internal.c
++++ b/posix/regex_internal.c
+@@ -237,13 +237,8 @@ build_wcs_buffer (re_string_t *pstr)
+ else
+ p = (const char *) pstr->raw_mbs + pstr->raw_mbs_idx + byte_idx;
+ mbclen = __mbrtowc (&wc, p, remain_len, &pstr->cur_state);
+- if (BE (mbclen == (size_t) -2, 0))
+- {
+- /* The buffer doesn't have enough space, finish to build. */
+- pstr->cur_state = prev_st;
+- break;
+- }
+- else if (BE (mbclen == (size_t) -1 || mbclen == 0, 0))
++ if (BE (mbclen == (size_t) -1 || mbclen == 0
++ || (mbclen == (size_t) -2 && pstr->bufs_len >= pstr->len), 0))
+ {
+ /* We treat these cases as a singlebyte character. */
+ mbclen = 1;
+@@ -252,6 +247,12 @@ build_wcs_buffer (re_string_t *pstr)
+ wc = pstr->trans[wc];
+ pstr->cur_state = prev_st;
+ }
++ else if (BE (mbclen == (size_t) -2, 0))
++ {
++ /* The buffer doesn't have enough space, finish to build. */
++ pstr->cur_state = prev_st;
++ break;
++ }
+
+ /* Write wide character and padding. */
+ pstr->wcs[byte_idx++] = wc;
+@@ -334,9 +335,11 @@ build_wcs_upper_buffer (re_string_t *pstr)
+ for (remain_len = byte_idx + mbclen - 1; byte_idx < remain_len ;)
+ pstr->wcs[byte_idx++] = WEOF;
+ }
+- else if (mbclen == (size_t) -1 || mbclen == 0)
++ else if (mbclen == (size_t) -1 || mbclen == 0
++ || (mbclen == (size_t) -2 && pstr->bufs_len >= pstr->len))
+ {
+- /* It is an invalid character or '\0'. Just use the byte. */
++ /* It is an invalid character, an incomplete character
++ at the end of the string, or '\0'. Just use the byte. */
+ int ch = pstr->raw_mbs[pstr->raw_mbs_idx + byte_idx];
+ pstr->mbs[byte_idx] = ch;
+ /* And also cast it to wide char. */
+@@ -449,7 +452,8 @@ build_wcs_upper_buffer (re_string_t *pstr)
+ for (remain_len = byte_idx + mbclen - 1; byte_idx < remain_len ;)
+ pstr->wcs[byte_idx++] = WEOF;
+ }
+- else if (mbclen == (size_t) -1 || mbclen == 0)
++ else if (mbclen == (size_t) -1 || mbclen == 0
++ || (mbclen == (size_t) -2 && pstr->bufs_len >= pstr->len))
+ {
+ /* It is an invalid character or '\0'. Just use the byte. */
+ int ch = pstr->raw_mbs[pstr->raw_mbs_idx + src_idx];
+diff --git a/posix/regexec.c b/posix/regexec.c
+index 8d4475c..9e0c565 100644
+--- a/posix/regexec.c
++++ b/posix/regexec.c
+@@ -1156,7 +1156,8 @@ check_matching (re_match_context_t *mctx, int fl_longest_match,
+ re_dfastate_t *old_state = cur_state;
+ int next_char_idx = re_string_cur_idx (&mctx->input) + 1;
+
+- if (BE (next_char_idx >= mctx->input.bufs_len, 0)
++ if ((BE (next_char_idx >= mctx->input.bufs_len, 0)
++ && mctx->input.bufs_len < mctx->input.len)
+ || (BE (next_char_idx >= mctx->input.valid_len, 0)
+ && mctx->input.valid_len < mctx->input.len))
+ {
+@@ -1732,7 +1733,8 @@ clean_state_log_if_needed (re_match_context_t *mctx, int next_state_log_idx)
+ {
+ int top = mctx->state_log_top;
+
+- if (next_state_log_idx >= mctx->input.bufs_len
++ if ((next_state_log_idx >= mctx->input.bufs_len
++ && mctx->input.bufs_len < mctx->input.len)
+ || (next_state_log_idx >= mctx->input.valid_len
+ && mctx->input.valid_len < mctx->input.len))
+ {
+@@ -4111,7 +4113,7 @@ extend_buffers (re_match_context_t *mctx)
+ return REG_ESPACE;
+
+ /* Double the lengthes of the buffers. */
+- ret = re_string_realloc_buffers (pstr, pstr->bufs_len * 2);
++ ret = re_string_realloc_buffers (pstr, MIN (pstr->len, pstr->bufs_len * 2));
+ if (BE (ret != REG_NOERROR, 0))
+ return ret;
+
Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series 2011-06-04 11:19:30 UTC (rev 4693)
+++ glibc-package/trunk/debian/patches/series 2011-06-04 11:25:31 UTC (rev 4694)
@@ -260,3 +260,4 @@
any/cvs-setlocale.diff
any/submitted-rlimit-rttime.diff
any/local-tst-writev.diff
+any/cvs-regex-oom.diff
Reply to: