aboutsummaryrefslogtreecommitdiffstats
path: root/toolchain/glibc
diff options
context:
space:
mode:
Diffstat (limited to 'toolchain/glibc')
-rw-r--r--toolchain/glibc/patches/001-regex-read-overrun.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/toolchain/glibc/patches/001-regex-read-overrun.patch b/toolchain/glibc/patches/001-regex-read-overrun.patch
new file mode 100644
index 0000000000..c4e4307aa6
--- /dev/null
+++ b/toolchain/glibc/patches/001-regex-read-overrun.patch
@@ -0,0 +1,26 @@
+commit 583dd860d5b833037175247230a328f0050dbfe9
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Mon Jan 21 11:08:13 2019 -0800
+
+ regex: fix read overrun [BZ #24114]
+
+ Problem found by AddressSanitizer, reported by Hongxu Chen in:
+ https://debbugs.gnu.org/34140
+ * posix/regexec.c (proceed_next_node):
+ Do not read past end of input buffer.
+
+--- a/posix/regexec.c
++++ b/posix/regexec.c
+@@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
+ else if (naccepted)
+ {
+ char *buf = (char *) re_string_get_buffer (&mctx->input);
+- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+- naccepted) != 0)
++ if (mctx->input.valid_len - *pidx < naccepted
++ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
++ naccepted)
++ != 0))
+ return -1;
+ }
+ }