pool/glibc
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e6a16310f4
glibc/regex-read-overrun.patch

26 lines
852 B
Diff
Raw Normal View History

Accepting request 681702 from home:Andreas_Schwab:Factory - regex-read-overrun.patch: fix read overrun (CVE-2019-9169, bsc#1127308, BZ #24114) - ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig (bsc#1117993, BZ #23973) OBS-URL: https://build.opensuse.org/request/show/681702 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=521
2019-03-05 12:35:06 +01:00
2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
regex: fix read overrun [BZ #24114]
Problem found by AddressSanitizer, reported by Hongxu Chen in:
https://debbugs.gnu.org/34140
* posix/regexec.c (proceed_next_node):
Do not read past end of input buffer.
Index: glibc-2.29/posix/regexec.c
===================================================================
--- glibc-2.29.orig/posix/regexec.c
+++ glibc-2.29/posix/regexec.c
@@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_contex
else if (naccepted)
{
char *buf = (char *) re_string_get_buffer (&mctx->input);
- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
- naccepted) != 0)
+ if (mctx->input.valid_len - *pidx < naccepted
+ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+ naccepted)
+ != 0))
return -1;
}
}
Reference in New Issue Copy Permalink