Bug #8354

closed

sync regcomp(3C) with upstream

Added by Yuri Pankov over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: lib - userland libraries
Start date: 2017-06-08
Due date:
% Done: 100%
Estimated time:
Difficulty: Bite-size
Tags:
Gerrit CR:
External Bug:

Description

There are quite a few changes in regex code in upstream (FreeBSD); bring them in to fix several issues. The list of commits is below:

--------------------------------------------------------------
Author: kevlo <kevlo@FreeBSD.org>
Date:   Thu Nov 10 01:44:05 2011 +0000

     - Don't handle out-of-memory condition
     - Fix types of function arguments to match their declaration
--------------------------------------------------------------
Author: kevlo <kevlo@FreeBSD.org>
Date:   Fri Nov 11 01:35:07 2011 +0000

     Converting int to wint_t leads to broken comparison of raw char
     and encoded wint_t.
--------------------------------------------------------------
Author: delphij <delphij@FreeBSD.org>
Date:   Fri Mar 1 23:26:13 2013 +0000

     Fix assignment of maximum boundary.
--------------------------------------------------------------
Author: delphij <delphij@FreeBSD.org>
Date:   Fri Dec 19 06:48:47 2014 +0000

     Plug a memory leak.
--------------------------------------------------------------
Author: delphij <delphij@FreeBSD.org>
Date:   Sat Feb 14 00:23:53 2015 +0000

     Disallow pattern spaces which would cause intermediate calculations
     to overflow size_t.
--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date:   Fri Feb 20 21:21:38 2015 +0000

     regex(3): Fix uninitialized pointer values.
--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date:   Sat Feb 21 15:02:27 2015 +0000

     Prevent NULL pointer de-reference.

     As a follow up to r279090, if dp hasn't been defined, we
     shouldn't attempt to do an optimization here.
--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date:   Sat Apr 23 20:45:09 2016 +0000

     regex: prevent two improbable signed integer overflows.

     In matcher() we used an integer to index nsub of type size_t.
     In print() we used an integer to index nstates of type sopno,
     typedef'd long.
     In both cases the indexes never take negative values.

     Match the types to avoid any error.
--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date:   Sat Apr 30 01:24:24 2016 +0000

     libc: spelling fixes.

     Mostly on comments.
--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date:   Sat May 21 19:54:10 2016 +0000

     libc/regex: fix two buffer underruns.

     Fix some rather complex regex issues found on OpenBSD as part of
     some ongoing work to fix a sed(1) bug.

     Curiously the OpenBSD tests don't trigger segfaults on FreeBSD but
     the bugs were confirmed by running a port of FreeBSD's regex under
     OpenBSD's malloc. Huge thanks to Ingo for confirming the behavior.
--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date:   Wed May 25 15:35:23 2016 +0000

     libc: regexec(3) adjustment.

     Change the behavior of when REG_STARTEND is combined with
     REG_NOTBOL.

     From the original posting[1]:

     "Enable the assumption that pmatch[0].rm_so is a continuation offset
     to a string and allows us to do a proper assessment of the
     character in regards to its word position ('^' or '\<'), without
     risking going into unallocated memory." 

     This change makes us similar to how glibc handles REG_STARTEND |
     REG_NOTBOL, and is closely related to a soon-to-land fix to sed.

     Special thanks to Martijn van Duren and Ingo Schwarze for working
     out some consistent behaviour.
--------------------------------------------------------------
Author: imp <imp@FreeBSD.org>
Date:   Tue Feb 28 23:42:47 2017 +0000

     Renumber copyright clause 4

     Renumber clause 4 to 3, per what everybody else did when BSD granted
     them permission to remove clause 3. My insistence on keeping the
     same numbering for legal reasons is too pedantic, so give up on that
     point.
--------------------------------------------------------------
Author: pfg <pfg@FreeBSD.org>
Date:   Sun Apr 23 21:51:29 2017 +0000

     regex: unsign and constify some variables.

     Taking some hints from the regex variant in nvi(1) and higher-level
     compiler warnings, update some types in our regex(3) implementation.
--------------------------------------------------------------
Author: brooks <brooks@FreeBSD.org>
Date:   Tue May 2 21:20:27 2017 +0000

     Correct an out-of-bounds read in regcomp when the RE is bad.

     When passed the invalid regular expression "a**", the error is
     eventually detected and seterr() is called. It sets p->error
     appropriately and p->next and p->end to nuls which is a never used
     char nuls[10] which is zeros due to .bss initialization.
     Unfortunately, p_ere_exp() and p_simp_re() both have fall through
     cases where they set the error, decrement p->next and access it
     which means a read from whatever .bss variable comes before nuls.

     Found with regex_test:repet_multi and CHERI bounds checking.
--------------------------------------------------------------
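
The out-of-bounds read described in the last commit message above (seterr() parking p->next on nuls, then a fall-through path decrementing and reading it), as an added example that is not taken from the FreeBSD or illumos sources. It is a simplified model: `arena`, `NULS`, `ERR_BADRPT`, `backup_unguarded()` and `backup_guarded()` are hypothetical names, the bytes placed before nuls are constructed so the stray read is visible and well-defined, and the guard shown is one way to stop the read, not necessarily the upstream change.

```c
#include <stdio.h>
/* Constructed stand-in for .bss: 4 unrelated bytes, then the 10-byte nuls. */
static char arena[14] = { 'K', 'E', 'Y', '!' };
#define NULS (arena + 4)
#define ERR_BADRPT 1	/* placeholder error code for this model */
struct parse {			/* simplified model of the parser state */
	const char *next;	/* next character to consume */
	const char *end;	/* end of the pattern */
	int error;		/* first error recorded, 0 if none */
};
/* As the commit message describes: record the error, park next/end on nuls. */
static void seterr(struct parse *p, int e)
{
	if (p->error == 0)
		p->error = e;
	p->next = p->end = NULS;
}

/* Fall-through shape: set the error, back up one character, read it. */
static const char *backup_unguarded(struct parse *p, int bad, char *out)
{
	if (bad)
		seterr(p, ERR_BADRPT);
	p->next--;		/* one byte before nuls once parked */
	*out = *p->next;
	return p->next;		/* address that was read */
}

/* Guarded variant: after an error nothing is read; returns NULL. */
static const char *backup_guarded(struct parse *p, int bad, char *out)
{
	if (bad)
		seterr(p, ERR_BADRPT);
	if (p->error != 0)
		return NULL;
	p->next--;
	*out = *p->next;
	return p->next;
}

int main(void)
{
	const char *re = "a**";	/* the invalid RE named in the commit message */
	struct parse p = { re + 3, re + 3, 0 }, q = p;
	char c = 0;
	const char *at = backup_unguarded(&p, 1, &c);
	printf("unguarded: read '%c' at nuls%+d\n", c, (int)(at - NULS));
	printf("guarded:   %s\n", backup_guarded(&q, 1, &c) ? "read" : "no read");
}
```

In the real library the byte before nuls is whatever the linker placed there, which is why the read only surfaced under bounds checking.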

Actions #1

Updated by Electric Monk over 6 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 50 to 100

git commit 7641c5eab2e15e87eafc318a09f2bd5c6f968607

commit  7641c5eab2e15e87eafc318a09f2bd5c6f968607
Author: Yuri Pankov <yuri.pankov@nexenta.com>
Date:   2017-06-12T10:53:41.000Z

    8354 sync regcomp(3C) with upstream
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Approved by: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>

Actions #2

Updated by Electric Monk over 6 years ago

git commit 1d8d40bd3f903c0d0fa71c26b4548d2d47260251

commit  1d8d40bd3f903c0d0fa71c26b4548d2d47260251
Author: Yuri Pankov <yuri.pankov@nexenta.com>
Date:   2017-06-13T03:33:27.000Z

    8354 sync regcomp(3C) with upstream (fix make catalog)
    Approved by: Gordon Ross <gwr@nexenta.com>
