Found this with 'cppcheck': the bre_special buffer is shorter than pcre_special, which results in an out-of-bounds read. Feel free to modify the commit message, I didn't manage to invent something expressive.
-- Best regards, Anton >From b37b6a1f3a21c2b3b4915b5e1f0cbc6cc67936ef Mon Sep 17 00:00:00 2001 From: Anton Ovchinnikov <revolver...@gmail.com> Date: Thu, 5 Sep 2013 02:17:47 +0400 Subject: [PATCH] maint: fix buffer access out of bounds * lib/regex-quote.c: change bre_special to pcre_special --- lib/regex-quote.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/regex-quote.c b/lib/regex-quote.c index 9a3f87d..770b427 100644 --- a/lib/regex-quote.c +++ b/lib/regex-quote.c @@ -104,7 +104,7 @@ regex_quote_spec_pcre (int options, bool anchored) char *p; p = result.special; - memcpy (p, bre_special, sizeof (pcre_special) - 1); + memcpy (p, pcre_special, sizeof (pcre_special) - 1); p += sizeof (pcre_special) - 1; if (options & PCRE_EXTENDED) { -- 1.8.3.1
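Review bot: The ChangeLog line "* lib/regex-quote.c: change bre_special to pcre_special" should name the function, which the hunk header gives as regex_quote_spec_pcre, and say why the source changes. The old memcpy read sizeof (pcre_special) - 1 bytes from bre_special, so besides reading past the shorter array it filled result.special from the BRE table rather than the PCRE one. Something like "* lib/regex-quote.c (regex_quote_spec_pcre): Copy from pcre_special, not bre_special." would cover both. The capacity of result.special is not visible in this hunk, so it is worth confirming that it holds sizeof (pcre_special) - 1 bytes plus whatever the PCRE_EXTENDED branch appends after "p += sizeof (pcre_special) - 1;".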