https://gcc.gnu.org/g:43717ee9064e73d0ad0cfb4f8f937ba9f5cbcc51
commit r16-589-g43717ee9064e73d0ad0cfb4f8f937ba9f5cbcc51
Author: Andreas Schwab <sch...@suse.de>
Date: Wed May 7 09:46:19 2025 +0200
libiberty: Fix off-by-one when collecting range expression
Fixes this error during build of fixincludes:
In function ‘byte_regex_compile’,
inlined from ‘xregcomp’ at ../libiberty/../../libiberty/regex.c:7973:11:
../libiberty/../../libiberty/regex.c:3477:29: warning: writing 1 byte into
a region of size 0 [-Wstringop-overflow=]
3477 | str[c1] = '\0';
| ^
../libiberty/../../libiberty/regex.c: In function ‘xregcomp’:
../libiberty/../../libiberty/regex.c:3454:35: note: at offset 128 into
destination object ‘str’ of size 128
3454 | unsigned char str[128]; /* Should be large
enough. */
| ^
* regex.c (regex_compile): Don't write beyond array bounds when
collecting range expression.
Diff:
---
libiberty/regex.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libiberty/regex.c b/libiberty/regex.c
index bc36f43d450a..8337deaef5af 100644
--- a/libiberty/regex.c
+++ b/libiberty/regex.c
@@ -3468,7 +3468,7 @@ PREFIX(regex_compile) (const char *ARG_PREFIX(pattern),
PATFETCH (c);
if ((c == '.' && *p == ']') || p == pend)
break;
- if (c1 < sizeof (str))
+ if (c1 < sizeof (str) - 1)
str[c1++] = c;
else
/* This is in any case an invalid class name. */
