Date: Thu, 6 Oct 2016 02:02:07 -0400 From: Rich Felker <dalias@...c.org> To: musl@...ts.openwall.com Subject: [PATCH] fix regexec with haystack strings longer than INT_MAX We inherited from TRE regexec code that's utterly wrong with respect to the integer types it's using; while it doesn't appear to be unsafe, it fails to find matches past offset INT_MAX. This patch fixes the type of all variables/fields used to store offsets in the string from int to regoff_t, and seems to fix the problem, though it has not been heavily tested yet. I've also attached a test program suitable for demonstrating the bug and at least one case where the fix works. It uses my (also attached) alloc_huge function which allows testing >4GB inputs to string functions without the need for huge amounts of physical memory or swap. Rich View attachment "regpos2.diff" of type "text/plain" (5841 bytes) View attachment "regexec_huge_haystack.c" of type "text/plain" (344 bytes) View attachment "huge.c" of type "text/plain" (1109 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.