#656 Off by one error causes crash with certain optimizations

release
closed-fixed
Program (402)
5
2009-09-14
2009-09-14
Evan Teran
No

regularExp.c contains an off by one error. Default_Delimiters is defined as

static unsigned char Default_Delimiters [UCHAR_MAX] = {0};

Note that UCHAR_MAX == 255 on most architectures. Later, makeDelimiterTable does the following on line 4089:

memset (table, 0, 256);

This overwrites one byte of an adjacent variable with 0, most likely the Current_Delimiters variable. When compiling with "-O2 -finline-functions" this will cause a crash. Also, some versions of gcc will give a warning about the buffer overflow:

In file included from /usr/include/string.h:640,
from regularExp.c:83:
In function ‘memset’,
inlined from ‘SetREDefaultWordDelimiters’ at regularExp.c:4089:
/usr/include/bits/string3.h:85: warning: call to __builtin___memset_chk will always overflow destination buffer

Changing the declaration to be:

static unsigned char Default_Delimiters [UCHAR_MAX + 1] = {0};

or

static unsigned char Default_Delimiters [256] = {0}; /* since we are using magic numbers later, why not just hard code it! */

solves the problem.
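An added example, not NEdit's code and not part of the original report: a table indexed by unsigned char that is declared with UCHAR_MAX + 1 entries, cleared with sizeof instead of a literal 256, and guarded by a compile-time check so the two sizes cannot drift apart again. The names struct delim_table, guard, DELIM_TABLE_SIZE, is_delimiter and guard_survives are hypothetical; guard stands in for the adjacent variable that lost a byte in the report.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* One slot per possible unsigned char value: 0..UCHAR_MAX inclusive. */
#define DELIM_TABLE_SIZE (UCHAR_MAX + 1)

/* Hypothetical layout: 'guard' stands in for whatever variable ends up
   directly after the table in memory. */
struct delim_table {
    unsigned char is_delim[DELIM_TABLE_SIZE];
    unsigned char guard;
};

/* Fails the build if the table is ever declared with only UCHAR_MAX entries. */
_Static_assert(sizeof(((struct delim_table *)0)->is_delim) == UCHAR_MAX + 1,
               "table must cover every unsigned char value");

/* Clear the table using its own size, then mark each delimiter byte. */
static void make_delimiter_table(struct delim_table *t, const char *delims)
{
    const unsigned char *c;
    memset(t->is_delim, 0, sizeof t->is_delim);
    for (c = (const unsigned char *)delims; *c != '\0'; c++)
        t->is_delim[*c] = 1;   /* *c can be 255, so index 255 must exist */
}

/* Returns 1 if byte c is a delimiter for the given delimiter string. */
static int is_delimiter(const char *delims, unsigned char c)
{
    struct delim_table t;
    make_delimiter_table(&t, delims);
    return t.is_delim[c];
}

/* Returns 1 if the byte after the table keeps its value across the clear. */
static int guard_survives(const char *delims)
{
    struct delim_table t;
    t.guard = 0xAA;
    make_delimiter_table(&t, delims);
    return t.guard == 0xAA;
}

int main(void)
{
    const char *delims = ".,;\xff";   /* constructed sample input */
    printf("0xFF is delimiter: %d\n", is_delimiter(delims, 0xFF));
    printf("guard intact: %d\n", guard_survives(delims));
    return 0;
}
```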

Discussion

  • Evan Teran

    Evan Teran - 2009-09-14

    Fix for off by one error

     
  • Eddy De Greef

    Eddy De Greef - 2009-09-14

    I've added the fix to CVS. Thanks.

     
  • Eddy De Greef

    Eddy De Greef - 2009-09-14
    • labels: --> Program
    • milestone: --> release
    • assigned_to: nobody --> edg
    • status: open --> closed-fixed
     
