gregex: Fix a potential use-after-free bug

If the match_info out argument is NULL, info will be freed, but then its
matches member will be accessed.

Spotted by Leslie Zhai <xiangzhai83@gmail.com>.

https://bugzilla.gnome.org/show_bug.cgi?id=777077
Philip Withnall 2017-01-11 17:14:18 +00:00
parent 3b5b5696ed
commit 88e977266b


@ -1911,6 +1911,7 @@ g_regex_match_all_full (const GRegex *regex,
gboolean done;
pcre *pcre_re;
pcre_extra *extra;
gboolean retval;
g_return_val_if_fail (regex != NULL, FALSE);
g_return_val_if_fail (string != NULL, FALSE);
@ -1984,13 +1985,14 @@ g_regex_match_all_full (const GRegex *regex,
/* set info->pos to -1 so that a call to g_match_info_next() fails. */
info->pos = -1;
retval = info->matches >= 0;
if (match_info != NULL)
*match_info = info;
else
g_match_info_free (info);
return info->matches >= 0;
return retval;
}
/**
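Review bot: The new `retval = info->matches >= 0;` line in the second hunk has no comment saying why the result is captured before the `if`/`else`, so a later tidy-up could fold it back into `return info->matches >= 0;` and reintroduce the use-after-free for callers that pass a NULL `match_info`. I would add `/* Read info->matches now: info is freed below when match_info is NULL. */` directly above it. No test change is visible on this page; a case that calls g_regex_match_all_full() with a NULL match_info, run under a memory checker such as Valgrind or AddressSanitizer, would keep this from regressing. The function starts before the first hunk and most of its body lies between the two hunks, so other uses of `info` are not covered by this note.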