| Commit message | Author | Age | Files | Lines |
Run "make update-copyright" and then...
* gnulib: Update to latest with copyright year adjusted.
* tests/init.sh: Sync with gnulib to pick up copyright year.
* bootstrap: Likewise.
* doc/grep.in.1: Use "-" in copyright year ranges, not \en.

* gnulib: Also update submodule for its copyright updates.

Mostly this is just changing http: to https:.
In one or two places it removes no-longer-useful URLs.

* gnulib: Update to latest.
* all files: Run "make update-copyright".
* bootstrap: Update from gnulib.

* gnulib: Update to latest.
* all files: Run "make update-copyright".

* tests/sjis-mb (encode): Rearrange to emit desired input into
a file, rather than piping directly into grep. That permits
the use of returns_ 1 to verify timeout's exit status.
* tests/euc-mb: Use "returns_ 1" rather than testing $? = 1
* tests/char-class-multibyte: Likewise.
* tests/dfa-heap-overrun: Likewise.
* tests/encoding-error: Likewise.
* tests/fedora: Likewise.
* tests/grep-dev-null: Likewise.
* tests/init.cfg (envvar_check_fail): Likewise.
* tests/kwset-abuse: Likewise.
* tests/mb-non-UTF8-overrun: Likewise.
* tests/multibyte-white-space: Likewise.
* tests/pcre-infloop: Likewise.
* tests/surrogate-pair: Likewise.
* tests/warn-char-classes: Likewise.
Do the same for other values:
* tests/backref-multibyte-slow: Likewise.
* tests/euc-mb: Likewise.
* tests/pcre-abort: Likewise.
* tests/pcre-jitstack: Likewise.
* tests/repetition-overflow: Likewise.
* tests/reversed-range-endpoints: Likewise.
* tests/warn-char-classes: Likewise.

Run "make update-copyright" and then...
* gnulib: Update to latest.
* tests/init.sh: Update from gnulib.
* bootstrap: Likewise.

grep's read buffer is often filled to its full size, except when
reading the final buffer of a file. In that case, the number of
bytes read may be far less than the size of the buffer. However, for
certain unusual pattern/text combinations, grep -F would mistakenly
examine bytes in that uninitialized region of memory when searching
for a match. With carefully chosen inputs, one can cause grep -F to
read beyond the end of that buffer altogether. This problem arose via
commit v2.18-90-g73893ff with the introduction of a more efficient
heuristic using what is now the memchr_kwset function. The use of
that function in bmexec_trans could leave TP much larger than EP,
and the subsequent call to bm_delta2_search would mistakenly access
beyond the end of the main input read buffer.
* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
do not call bm_delta2_search.
* tests/kwset-abuse: New file.
* tests/Makefile.am (TESTS): Add it.
* THANKS.in: Update.
* NEWS (Bug fixes): Mention it.
Prior to this patch, this command would trigger a UMR:

  printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)

  Use of uninitialised value of size 8
     at 0x4142BE: bmexec_trans (kwset.c:657)
     by 0x4143CA: bmexec (kwset.c:678)
     by 0x414973: kwsexec (kwset.c:848)
     by 0x414DC4: Fexecute (kwsearch.c:128)
     by 0x404E2E: grepbuf (grep.c:1238)
     by 0x4054BF: grep (grep.c:1417)
     by 0x405CEB: grepdesc (grep.c:1645)
     by 0x405EC1: grep_command_line_arg (grep.c:1692)
     by 0x4077D4: main (grep.c:2570)

See the accompanying test for how to trigger the heap buffer overrun.
Thanks to Nima Aghdaii for testing and finding numerous
ways to break early iterations of this patch.
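
A simplified model of the bug class described in the last commit message, added here as an illustration and not taken from grep's kwset.c: a memchr-style skip leaves the position past the end pointer, and the unchecked verification that follows examines stale bytes beyond the filled part of the buffer. The names find_fixed, demo, scan and high_water are hypothetical, and ep here means the last offset at which a match can start, which is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not grep's kwset.c. Only the first `size` bytes of
   buf were filled by the last read; anything after them is stale. */
struct scan { long match; size_t high_water; };

struct scan find_fixed(const char *buf, size_t size,
                       const char *pat, size_t len, int guarded)
{
    struct scan r = { -1, 0 };
    if (len == 0 || size < len) return r;
    size_t ep = size - len;      /* last offset where a match can start */
    size_t tp = 0;
    while (tp <= ep) {
        /* Skip heuristic: jump to the next pat[0]. It scans the whole
           filled region, so it can leave tp beyond ep. */
        const char *hit = memchr(buf + tp, pat[0], size - tp);
        if (!hit) break;
        tp = (size_t)(hit - buf);
        if (guarded && tp > ep) break;   /* guard: never verify past ep */
        /* Verification assumes tp <= ep and compares len bytes unchecked. */
        if (tp + len > r.high_water) r.high_water = tp + len;
        if (memcmp(buf + tp, pat, len) == 0) {
            r.match = (long)tp;
            break;
        }
        tp++;
    }
    return r;
}

/* Constructed sample: 64-byte buffer, 20 bytes filled ("aaa...ne"),
   with stale "edle" left just past the filled region. */
struct scan demo(int guarded)
{
    char buf[64];
    memset(buf, 'a', sizeof buf);
    memcpy(buf + 18, "needle", 6);
    return find_fixed(buf, 20, "needle", 6, guarded);
}

int main(void)
{
    struct scan bad = demo(0), ok = demo(1);
    printf("unguarded: match=%ld high_water=%zu\nguarded:   match=%ld high_water=%zu\n",
           bad.match, bad.high_water, ok.match, ok.high_water);
    return 0;
}
```

In this model the unguarded call reports a match at offset 18 that extends 4 bytes past the 20 filled bytes, while the guarded call stops as soon as the skip lands beyond ep.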