Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 6 Oct 2016 02:02:07 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: [PATCH] fix regexec with haystack strings longer than INT_MAX

We inherited from TRE regexec code that's utterly wrong with respect
to the integer types it's using; while it doesn't appear to be unsafe,
it fails to find matches past offset INT_MAX. This patch fixes the
type of all variables/fields used to store offsets in the string from
int to regoff_t, and seems to fix the problem, though it has not been
heavily tested yet.

I've also attached a test program suitable for demonstrating the bug
and at least one case where the fix works. It uses my (also attached)
alloc_huge function which allows testing >4GB inputs to string
functions without the need for huge amounts of physical memory or
swap.

Rich

View attachment "regpos2.diff" of type "text/plain" (5841 bytes)

View attachment "regexec_huge_haystack.c" of type "text/plain" (344 bytes)

View attachment "huge.c" of type "text/plain" (1109 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.