Date: Tue, 17 Feb 2004 10:37:53 -0800
From: Tim Kientzle <kientzle@acm.org>
To: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
Cc: freebsd-hackers@freebsd.org
Subject: Re: signed char bug in regexp library
Message-ID: <40325F81.502@acm.org>
In-Reply-To: <Pine.LNX.4.58.0402162039280.18066@artax.karlin.mff.cuni.cz>
References: <Pine.LNX.4.58.0402162039280.18066@artax.karlin.mff.cuni.cz>

Mikulas Patocka wrote:
> Hi
>
> I ripped regexp library from FreeBSD 4 and use it in another program. I
> get random crashes because the library casts char to int and uses it as
> array index ... the most obvious case is engine.i:189:
> register char *dp;
> dp += charjump[(int)*dp];
> but there are many more and I'm unable to spot them all.

This problem was fixed in 2000 by offsetting the array so
that accesses such as the above work correctly. A key part
of the fix is this line in regcomp.c:

    g->charjump = &g->charjump[-(CHAR_MIN)];

Here's the log entry:

----------------------------
revision 1.20
date: 2000/07/07 07:46:36; author: dcs; state: Exp; lines: +6 -4
Deal with the signed/unsigned chars issue in a more proper manner. We
use a CHAR_MIN-based array, like elsewhere in the code.

Remove a number of unused variables (some due to the above change, one
that was left after a number of optimizing steps through the source).

Brucified by: bde
----------------------------
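
The CHAR_MIN-based offset described in the message, as an added example; it is not FreeBSD's regex source and not part of the original e-mail. `struct jumptab`, `jumptab_init`, `jump_for`, `slot_for` and the sample pattern are hypothetical names and constructed data; only the `&charjump[-(CHAR_MIN)]` idiom comes from the message.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NCHARS (CHAR_MAX - CHAR_MIN + 1)  /* one slot per possible char value */

/* Hypothetical stand-in for the regex state; only the jump table. */
struct jumptab {
    int *storage;   /* what malloc() returned; pass this to free() */
    int *charjump;  /* shifted view: charjump[CHAR_MIN] is storage[0] */
};

/* Skip table: distance from each char's last occurrence to the pattern end. */
int jumptab_init(struct jumptab *t, const char *pat)
{
    size_t len = strlen(pat);
    t->storage = malloc(NCHARS * sizeof(int));
    if (t->storage == NULL)
        return -1;
    t->charjump = &t->storage[-(CHAR_MIN)];  /* the CHAR_MIN-based offset */
    for (int c = CHAR_MIN; c <= CHAR_MAX; c++)
        t->charjump[c] = (int)len;           /* default: char not in pattern */
    for (size_t i = 0; i < len; i++)
        t->charjump[(int)pat[i]] = (int)(len - 1 - i);
    return 0;
}

/* Same access pattern as the quoted engine code: a plain char as the index. */
int jump_for(const struct jumptab *t, const char *dp)
{
    return t->charjump[(int)*dp];
}

/* Slot in the real allocation that (int)*dp reaches; always 0..NCHARS-1. */
long slot_for(const struct jumptab *t, const char *dp)
{
    return (long)(&t->charjump[(int)*dp] - t->storage);
}

int main(void)
{
    const char pat[] = { 'c', 'a', 'f', (char)0xE9, '\0' };  /* constructed */
    struct jumptab t;
    if (jumptab_init(&t, pat) != 0)
        return 1;
    printf("index %d -> slot %ld, jump %d\n", (int)pat[3],
           slot_for(&t, &pat[3]), jump_for(&t, &pat[3]));
    free(t.storage);  /* free the original pointer, never the shifted one */
    return 0;
}
```

Where plain `char` is signed, the byte 0xE9 indexes at -23 and still lands inside the allocation; where it is unsigned, `CHAR_MIN` is 0 and the shift is a no-op.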