diff options
author | Jim Meyering <meyering@redhat.com> | 2009-12-23 18:59:30 +0100 |
---|---|---|
committer | Jim Meyering <meyering@redhat.com> | 2009-12-23 20:36:17 +0100 |
commit | 60a7e46a1c3ff186c373e776958ea02437b686ef (patch) | |
tree | 6f3ce24231471b74a0b62bc01227ff326f84d9dd | |
parent | 711184859ed691a6f47c3c4ad3e4cbcf18ed8290 (diff) | |
download | grep-60a7e46a1c3ff186c373e776958ea02437b686ef.tar.gz |
fix multi-byte-locale read-beyond-end-of-buffer error
Avoid read-beyond-end-of-buffer errors, evoked by running this:
LC_ALL=en_US.UTF-8 valgrind src/grep -f <(printf 'a\nb\n') <(echo c)
Conditional jump or move depends on uninitialised value(s)
at 0x78136D: __gconv_transform_utf8_internal (in /lib/libc-2.11.so)
by 0x7E7232: mbrtowc (in /lib/libc-2.11.so)
by 0x8055773: dfaexec (dfa.c:2816)
by 0x804D7B0: EGexecute (search.c:353)
by 0x804ACD8: grepbuf (grep.c:1036)
by 0x804B023: grep (grep.c:1156)
by 0x804B460: grepfile (grep.c:1287)
by 0x804CF0D: main (grep.c:2282)
Conditional jump or move depends on uninitialised value(s)
at 0x7E7248: mbrtowc (in /lib/libc-2.11.so)
by 0x8055773: dfaexec (dfa.c:2816)
by 0x804D7B0: EGexecute (search.c:353)
by 0x804ACD8: grepbuf (grep.c:1036)
by 0x804B023: grep (grep.c:1156)
by 0x804B460: grepfile (grep.c:1287)
by 0x804CF0D: main (grep.c:2282)
* src/dfa.c (dfaexec) [MBS_SUPPORT]: Do not access one byte beyond
end of buffer.
-rw-r--r-- | src/dfa.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -2808,13 +2808,13 @@ dfaexec (struct dfa *d, char const *begin, size_t size, int *backref) MALLOC(inputwcs, wchar_t, end - (unsigned char const *)begin + 2); memset(&mbs, 0, sizeof(mbstate_t)); remain_bytes = 0; - for (i = 0; i < end - (unsigned char const *)begin + 1; i++) + for (i = 0; i < end - (unsigned char const *)begin; i++) { if (remain_bytes == 0) { remain_bytes = mbrtowc(inputwcs + i, begin + i, - end - (unsigned char const *)begin - i + 1, &mbs); + end - (unsigned char const *)begin - i, &mbs); if (remain_bytes <= 1) { remain_bytes = 0; |