| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
* cfg.mk (PATH): Use $(PATH_SEPARATOR), for those systems that
use something other than ":".
* THANKS.in: Remove name, to avoid syntax-check failure due to
the duplicate, now that there is this commit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/pcresearch.c (Pexecute): When advancing SUBJECT past an
encoding error, don't blindly set P to that new value, since we
will soon compute SEARCH_OFFSET = P - SUBJECT, and mistakenly
making that difference too small would allow us to match some
previously-processed text, resulting in an infinite loop.
* NEWS (Bug fixes): Mention it.
* THANKS.in: Add Christian's name and email address.
* tests/pcre-invalid-utf8-infloop: New file.
* tests/Makefile.am (TESTS): Add it.
Reported by Christian Boltz in http://debbugs.gnu.org/22181
Introduced by commit, v2.21-37-g14f8e48.
|
| |
|
|
|
| |
* THANKS.in: Add name+email of those who found and reported
the bug that made grep -E '^x|x$' match any "x".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
grep's read buffer is often filled to its full size, except when
reading the final buffer of a file. In that case, the number of
bytes read may be far less than the size of the buffer. However, for
certain unusual pattern/text combinations, grep -F would mistakenly
examine bytes in that uninitialized region of memory when searching
for a match. With carefully chosen inputs, one can cause grep -F to
read beyond the end of that buffer altogether. This problem arose via
commit v2.18-90-g73893ff with the introduction of a more efficient
heuristic using what is now the memchr_kwset function. The use of
that function in bmexec_trans could leave TP much larger than EP,
and the subsequent call to bm_delta2_search would mistakenly access
beyond end of the main input read buffer.
* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
do not call bm_delta2_search.
* tests/kwset-abuse: New file.
* tests/Makefile.am (TESTS): Add it.
* THANKS.in: Update.
* NEWS (Bug fixes): Mention it.
Prior to this patch, this command would trigger a UMR:
printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)
Use of uninitialised value of size 8
at 0x4142BE: bmexec_trans (kwset.c:657)
by 0x4143CA: bmexec (kwset.c:678)
by 0x414973: kwsexec (kwset.c:848)
by 0x414DC4: Fexecute (kwsearch.c:128)
by 0x404E2E: grepbuf (grep.c:1238)
by 0x4054BF: grep (grep.c:1417)
by 0x405CEB: grepdesc (grep.c:1645)
by 0x405EC1: grep_command_line_arg (grep.c:1692)
by 0x4077D4: main (grep.c:2570)
See the accompanying test for how to trigger the heap buffer overrun.
Thanks to Nima Aghdaii for testing and finding numerous
ways to break early iterations of this patch.
|
|
|
* Makefile.am (THANKS): New rule.
* THANKS.in: New file.
* THANKS: Remove. Now it's generated from the combination of
THANKS.in and git logs.
* .mailmap: New file.
* cfg.mk (sc_THANKS_in_duplicates): New syntax-check rule, from
coreutils.
* .gitignore: Add THANKS.
* thanks-gen: New file, from coreutils.
|
