Bug #8354
sync regcomp(3C) with upstream
Status: Closed
Start date: 2017-06-08
% Done: 100%
Difficulty: Bite-size
Description
There are quite a few changes in the regex code upstream (FreeBSD); bring them in to fix several issues. The list of commits is below:
--------------------------------------------------------------
Author: kevlo <kevlo@FreeBSD.org>
Date: Thu Nov 10 01:44:05 2011 +0000

- Don't handle out-of-memory condition
- Fix types of function arguments match their declaration

--------------------------------------------------------------
Author: kevlo <kevlo@FreeBSD.org>
Date: Fri Nov 11 01:35:07 2011 +0000

Converting int to wint_t leads to broken comparison of raw char and encoded wint_t.

--------------------------------------------------------------
Author: delphij <delphij@FreeBSD.org>
Date: Fri Mar 1 23:26:13 2013 +0000

Fix assignment of maximum boundary.

--------------------------------------------------------------
Author: delphij <delphij@FreeBSD.org>
Date: Fri Dec 19 06:48:47 2014 +0000

Plug a memory leak.

--------------------------------------------------------------
Author: delphij <delphij@FreeBSD.org>
Date: Sat Feb 14 00:23:53 2015 +0000

Disallow pattern spaces which would cause intermediate calculations to overflow size_t.

--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date: Fri Feb 20 21:21:38 2015 +0000

regex(3): Fix uninitialized pointer values.

--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date: Sat Feb 21 15:02:27 2015 +0000

Prevent NULL pointer de-reference.

As a follow up to r279090, if dp hasn't been defined, we shouldn't attempt to do an optimization here.

--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date: Sat Apr 23 20:45:09 2016 +0000

regex: prevent two improbable signed integer overflows.

In matcher() we used an integer to index nsub of type size_t. In print() we used an integer to index nstates of type sopno, typedef'd long. In both cases the indexes never take negative values. Match the types to avoid any error.

--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date: Sat Apr 30 01:24:24 2016 +0000

libc: spelling fixes.

Mostly on comments.

--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date: Sat May 21 19:54:10 2016 +0000

libc/regex: fix two buffer underruns.

Fix some rather complex regex issues found on OpenBSD as part of some ongoing work to fix a sed(1) bug. Curiously the OpenBSD tests don't trigger segfaults on FreeBSD but the bugs were confirmed by running a port of FreeBSD's regex under OpenBSD's malloc. Huge thanks to Ingo for confirming the behavior.

--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date: Wed May 25 15:35:23 2016 +0000

libc: regexec(3) adjustment.

Change the behavior of when REG_STARTEND is combined with REG_NOTBOL.

From the original posting[1]: "Enable the assumption that pmatch[0].rm_so is a continuation offset to a string and allows us to do a proper assessment of the character in regards to its word position ('^' or '\<'), without risking going into unallocated memory."

This change makes us similar to how glibc handles REG_STARTEND | REG_NOTBOL, and is closely related to a soon-to-land fix to sed.

Special thanks to Martijn van Duren and Ingo Schwarze for working out some consistent behaviour.

--------------------------------------------------------------
Author: imp <imp@FreeBSD.org>
Date: Tue Feb 28 23:42:47 2017 +0000

Renumber copyright clause 4

Renumber clause 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistence on keeping the same numbering for legal reasons is too pedantic, so give up on that point.

--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date: Sun Apr 23 21:51:29 2017 +0000

regex: unsign and constify some variables.

Taking some hints from the regex variant in nvi(1) and higher-level compiler warnings, update some types in our regex(3) implementation.

--------------------------------------------------------------
Author: brooks <brooks@FreeBSD.org>
Date: Tue May 2 21:20:27 2017 +0000

Correct an out-of-bounds read in regcomp when the RE is bad.

When passed the invalid regular expression "a**", the error is eventually detected and seterr() is called. It sets p->error appropriately and p->next and p->end to nuls which is a never used char nuls[10] which is zeros due to .bss initialization. Unfortunately, p_ere_exp() and p_simp_re() both have fall through cases where they set the error, decrement p->next and access it which means a read from whatever .bss variable comes before nuls.

Found with regex_test:repet_multi and CHERI bounds checking.

--------------------------------------------------------------
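The last commit in the list describes an error path that parks the cursor on nuls and a fall-through that then backs it up by one byte. A reduced model of that pattern, with and without an error check before the decrement, as an added example (this is not the FreeBSD or illumos code; `arena`, `step`, `probe`, the canary byte, the error value and the guard itself are assumptions made for illustration):

```c
#include <stdio.h>
#include <string.h>

enum { ERR_BADRPT = 13, CANARY = 'X' };   /* constructed values */
/* arena[0] stands in for whatever .bss variable precedes nuls; keeping both
 * in one array makes the one-byte under-read well defined in this model. */
static char arena[1 + 10] = { CANARY };
static char *const nuls = arena + 1;      /* the all-zero nuls[10] */
struct parse { const char *next, *end; int error; };
struct result { char byte; int error; };

/* Record the first error and park the cursor on nuls so parsing stops. */
static void seterr(struct parse *p, int e)
{
    p->error = p->error ? p->error : e;
    p->next = p->end = nuls;
}

/* A case sets the error, falls through, backs p->next up and reads it. */
static char step(struct parse *p, int guarded)
{
    char got;
    switch (*p->next++) {
    case '*':                             /* nothing left to repeat */
        seterr(p, ERR_BADRPT);
        /* FALLTHROUGH */
    default:
        if (guarded && p->error != 0)
            return '\0';                  /* parked on nuls: do not back up */
        p->next--;                        /* unguarded: one byte before nuls */
        got = *p->next++;
    }
    if (p->next < p->end && *p->next == '*')
        p->next++;                        /* one repetition binds to the atom */
    return got;
}

static struct result probe(const char *re, int guarded)
{
    struct parse p = { re, re + strlen(re), 0 };
    char last = '\0';
    while (p.next < p.end)
        last = step(&p, guarded);
    return (struct result){ last, p.error };
}

int main(void)
{
    printf("a**: unguarded read %d, guarded read %d\n", probe("a**", 0).byte, probe("a**", 1).byte);
    return 0;
}
```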
Updated by Electric Monk over 6 years ago
- Status changed from In Progress to Closed
- % Done changed from 50 to 100
git commit 7641c5eab2e15e87eafc318a09f2bd5c6f968607
commit 7641c5eab2e15e87eafc318a09f2bd5c6f968607
Author: Yuri Pankov <yuri.pankov@nexenta.com>
Date: 2017-06-12T10:53:41.000Z

8354 sync regcomp(3C) with upstream
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
Updated by Electric Monk over 6 years ago
git commit 1d8d40bd3f903c0d0fa71c26b4548d2d47260251
commit 1d8d40bd3f903c0d0fa71c26b4548d2d47260251
Author: Yuri Pankov <yuri.pankov@nexenta.com>
Date: 2017-06-13T03:33:27.000Z

8354 sync regcomp(3C) with upstream (fix make catalog)
Approved by: Gordon Ross <gwr@nexenta.com>