changeset 4750:b5f21bb36684

Fix crash in regex.c (closes issue630).
author Stephen J. Turnbull <stephen@xemacs.org>
date Tue, 17 Nov 2009 23:41:39 +0900
parents 294a86d29f99
children 91f85b19749f
files src/ChangeLog src/regex.c
diffstat 2 files changed, 24 insertions(+), 16 deletions(-) [+]
--- a/src/ChangeLog	Mon Nov 16 12:00:38 2009 +0900
+++ b/src/ChangeLog	Tue Nov 17 23:41:39 2009 +0900
@@ -1,3 +1,13 @@
+2009-11-17  Stephen J. Turnbull  <stephen@xemacs.org>
+
+	Fix issue630.
+
+	* regex.c (regex_compile):
+	Sync treatment of normal_char to GNU Emacs 22.1.
+	Thanks to Aidan Kehoe for the diagnosis and suggestion.
+	(print_partial_compiled_pattern):
+	Avoid buffer overrun in case of /exactn/0.
+
 2009-11-15  Aidan Kehoe  <kehoea@parhasard.net>
 
 	* mule-ccl.c (CCL_CALL_FOR_MAP_INSTRUCTION): Assert that we always
--- a/src/regex.c	Mon Nov 16 12:00:38 2009 +0900
+++ b/src/regex.c	Tue Nov 17 23:41:39 2009 +0900
@@ -112,6 +112,7 @@
 #define INC_IBYTEPTR_FMT(p, fmt) ((p)++)
 #define DEC_IBYTEPTR(p) ((p)--)
 #define DEC_IBYTEPTR_FMT(p, fmt) ((p)--)
+#define MAX_ICHAR_LEN 1
 #define itext_ichar_len(ptr) 1
 #define itext_ichar_len_fmt(ptr, fmt) 1
 
@@ -813,12 +814,11 @@
 	case exactn:
 	  mcnt = *p++;
           printf ("/exactn/%d", mcnt);
-          do
+          while (mcnt--)
 	    {
-              putchar ('/');
+	      putchar ('/');
 	      putchar (*p++);
             }
-          while (--mcnt);
           break;
 
 	case start_memory:
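Review bot: The new `while (mcnt--)` loop carries no comment saying why the do-while it replaces was wrong, and the next reader is likely to fold it back; the ChangeLog records the reason but the code does not. I would add above the loop `/* mcnt can be 0 (an empty exactn, see issue630); a do-while with --mcnt would not stop at 0 and would read past the exactn's bytes. */`. The rewritten `putchar ('/')` line is indented with a tab while the surrounding `printf` and closing brace use spaces; one convention for the loop body would keep the hunk consistent. The enclosing `print_partial_compiled_pattern` starts and ends outside this hunk.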
@@ -3339,10 +3339,7 @@
 	/* `p' points to the location after where `c' came from. */
 	normal_char:
 	  {
-	    /* XEmacs: modifications here for Mule. */
-	    /* `q' points to the beginning of the next char. */
-	    re_char *q = p;
-
+	    /* The following conditional synced to GNU Emacs 22.1.  */
 	    /* If no exactn currently being built.  */
 	    if (!pending_exact
 
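Review bot: The replacement comment `/* The following conditional synced to GNU Emacs 22.1.  */` says where the code came from but drops any statement of what the condition decides, which the removed Mule comment at least hinted at. I would write it as `/* Decide whether `c' can be appended to the exactn being built, or a new exactn must be started (see the body below); synced to GNU Emacs 22.1.  Every lookahead on `p' must be guarded against `pend'. */`, since the continuation of this `if` tests `p != pend` and `p + 1 < pend` before each dereference. The `if` statement opened here runs into the following hunk and past the end of the shown text. That continuation also compares `*pending_exact` against `(1 << BYTEWIDTH) - MAX_ICHAR_LEN`, and the first hunk defines `MAX_ICHAR_LEN` only in the non-Mule stub block, so the Mule build presumably takes it from an existing header; worth confirming it is in scope there.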
@@ -3350,18 +3347,19 @@
 		|| pending_exact + *pending_exact + 1 != buf_end
 
 		/* We have only one byte following the exactn for the count. */
-		|| ((unsigned int) (*pending_exact + (q - p)) >=
-		    ((unsigned int) (1 << BYTEWIDTH) - 1))
-
-		/* If followed by a repetition operator.  */
-		|| *q == '*' || *q == '^'
+		|| *pending_exact >= (1 << BYTEWIDTH) - MAX_ICHAR_LEN
+
+		/* If followed by a repetition operator.
+		   If the lookahead fails because of end of pattern, any
+		   trailing backslash will get caught later.  */
+		|| (p != pend && (*p == '*' || *p == '^'))
 		|| ((syntax & RE_BK_PLUS_QM)
-		    ? *q == '\\' && (q[1] == '+' || q[1] == '?')
-		    : (*q == '+' || *q == '?'))
+		    ? p + 1 < pend && *p == '\\' && (p[1] == '+' || p[1] == '?')
+		    : p != pend && (*p == '+' || *p == '?'))
 		|| ((syntax & RE_INTERVALS)
 		    && ((syntax & RE_NO_BK_BRACES)
-			? *q == '{'
-			: (q[0] == '\\' && q[1] == '{'))))
+			? p != pend && *p == '{'
+			: p + 1 < pend && (p[0] == '\\' && p[1] == '{'))))
 	      {
 		/* Start building a new exactn.  */