Andreas Schwab <[EMAIL PROTECTED]> writes:
> It's causing a write beyond object bounds, since ASCII_CHARS is greater
> than sizeof (bitset_t):
Thanks for reporting that. I installed the following patch into
gnulib and coreutils head. There's no need to worry about this for
coreutils 5.9x since it doesn't use the new version.
2006-06-04 Paul Eggert <[EMAIL PROTECTED]>
* regexec.c (group_nodes_into_DFAstates): Fix a buffer overrun
reported by Andreas Schwab.
--- regexec.c 10 Apr 2006 06:46:08 -0000 1.5
+++ regexec.c 5 Jun 2006 05:21:47 -0000 1.6
@@ -1,5 +1,5 @@
/* Extended regular expression matching and search library.
- Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+ Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Isamu Hasegawa <[EMAIL PROTECTED]>.
@@ -3615,7 +3615,7 @@ group_nodes_into_DFAstates (const re_dfa
else if (type == OP_UTF8_PERIOD)
{
if (ASCII_CHARS % BITSET_WORD_BITS == 0)
- memset (accepts, -1, ASCII_CHARS);
+ memset (accepts, -1, ASCII_CHARS / CHAR_BIT);
else
bitset_merge (accepts, utf8_sb_map);
if (!(dfa->syntax & RE_DOT_NEWLINE))
