As reported by Al Viro:
take Midnight Commander. Go to directory that contains some files. Press <+><CR><+><+><CR><CR><+><+><CR> (<+> being the grey one). IOW, the first invalid regexp and we are toast - old_pattern is freed and not reset to NULL. Next call of regexp_match() and we've got a double-free. What's really pissing off is that caller takes care to tell you that regexp is invalid. In large red window. I.e. they had added error reporting and had _never_ given it a try, not to mention giving code a review. Sigh...
Parent: 077795e8fc
Commit: 1a0ab78ea8
@ -489,6 +489,7 @@ int regexp_match (char *pattern, char *string, int match_type)
|
||||
if (old_pattern){
|
||||
regfree (&r);
|
||||
g_free (old_pattern);
|
||||
old_pattern = NULL;
|
||||
}
|
||||
pattern = convert_pattern (pattern, match_type, 0);
|
||||
if (regcomp (&r, pattern, REG_EXTENDED|REG_NOSUB|MC_ARCH_FLAGS)) {
|
||||
|
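Review bot: The reset at `old_pattern = NULL;` inside the `if (old_pattern)` block closes the double free, but the invariant it relies on (old_pattern is non-NULL only while `r` holds a compiled regex) is not documented anywhere in the hunk. A one-line comment above the block would help keep it from regressing. The failing branch of `regcomp (&r, pattern, ...)` is cut off after the hunk's last line, so it is worth confirming there that the string returned by `convert_pattern` is released and that `old_pattern` stays NULL, since `regfree (&r)` on the next call is guarded only by that pointer.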