[Bug 87] New: Expr crashes on some specific patterns
bugzilla at busybox.net
bugzilla at busybox.net
Tue Feb 3 13:49:10 UTC 2009
https://bugs.busybox.net/show_bug.cgi?id=87
Summary: Expr crashes on some specific patterns
Product: Busybox
Version: 1.13.x
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Standard Compliance
AssignedTo: unassigned at busybox.net
ReportedBy: rousik at gmail.com
CC: busybox-cvs at busybox.net
Estimated Hours: 0.0
Created an attachment (id=49)
--> (https://bugs.busybox.net/attachment.cgi?id=49)
Patch
busybox expr crashes if non-matching \(..\)* block appears on the first
position.
Example:
busybox expr match '' '\(x\)*'
In that case regexec returns regmatch_t with only first entry filled and
busybox tries (without checking) to read substring from re_regs[1]. But
re_regs[1].rm_so == -1
235 /* expr uses an anchored pattern match, so check that there was a
236 * match and that the match starts at offset 0. */
237 if (regexec(&re_buffer, sv->u.s, NMATCH, re_regs, 0) != REG_NOMATCH
238 && re_regs[0].rm_so == 0
239 ) {
240 /* Were \(...\) used? */
241 if (re_buffer.re_nsub > 0) {
242 sv->u.s[re_regs[1].rm_eo] = '\0';
243 v = str_value(sv->u.s + re_regs[1].rm_so);
244 } else {
245 v = int_value(re_regs[0].rm_eo);
246 }
I suggest that adding && re_resg[1].rm_so != -1 should suffice to overcome this
problem.
Patch attached.
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list