summaryrefslogtreecommitdiff
path: root/src/regex
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2012-04-14 22:32:42 -0400
committerRich Felker <dalias@aerifal.cx>2012-04-14 22:32:42 -0400
commitb9dd43db04ca312c3c1cc6ddc77e8f5bf559e72d (patch)
tree2d6a2a27eef35003b7a99481d70d62c5d4c11159 /src/regex
parent0115a6ed964f4afe87847a252363801e96194f0b (diff)
downloadmusl-b9dd43db04ca312c3c1cc6ddc77e8f5bf559e72d.tar.gz
fix signedness error handling invalid multibyte sequences in regexec
the "< 0" test was always false due to use of an unsigned type. this resulted in infinite loops on 32-bit machines (adding -1U to a pointer is the same as adding -1) and crashes on 64-bit machines (offsetting the string pointer by 4gb-1b when an illegal sequence was hit).
Diffstat (limited to 'src/regex')
-rw-r--r--src/regex/regexec.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/regex/regexec.c b/src/regex/regexec.c
index 79874ca5..8107aae7 100644
--- a/src/regex/regexec.c
+++ b/src/regex/regexec.c
@@ -174,7 +174,7 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
tre_char_t prev_c = 0, next_c = 0;
const char *str_byte = string;
int pos = -1;
- unsigned int pos_add_next = 1;
+ int pos_add_next = 1;
#ifdef TRE_MBSTATE
mbstate_t mbstate;
#endif /* TRE_MBSTATE */
@@ -583,7 +583,7 @@ tre_tnfa_run_backtrack(const tre_tnfa_t *tnfa, const void *string,
tre_char_t prev_c = 0, next_c = 0;
const char *str_byte = string;
int pos = 0;
- unsigned int pos_add_next = 1;
+ int pos_add_next = 1;
#ifdef TRE_MBSTATE
mbstate_t mbstate;
#endif /* TRE_MBSTATE */