diff options
author | Jakub Jelinek <jakub@redhat.com> | 2011-12-30 17:13:56 -0500 |
---|---|---|
committer | Ulrich Drepper <drepper@gmail.com> | 2011-12-30 17:13:56 -0500 |
commit | 2ba92745c36eb3c3f3af0ce1b0aebd255c63a13b (patch) | |
tree | a903cdfb8d240977cabd19e853a1bf213f3026f6 /debug/catchsegv.sh | |
parent | c0da14cdda1fa552262ce3624156194eef43e973 (diff) | |
download | glibc-2ba92745c36eb3c3f3af0ce1b0aebd255c63a13b.tar glibc-2ba92745c36eb3c3f3af0ce1b0aebd255c63a13b.tar.gz glibc-2ba92745c36eb3c3f3af0ce1b0aebd255c63a13b.tar.bz2 glibc-2ba92745c36eb3c3f3af0ce1b0aebd255c63a13b.zip |
Fix up regcomp/regexec
The problem is that parse_bracket_symbol is miscompiled, and it turns
out it is because of an incorrect attribute on re_string_fetch_byte_case.
Unlike re_string_peek_byte_case, this one is really not pure, it modifies memory
(increments pstr->cur_idx), and with the pure attribute GCC assumed it doesn't
and it cached the presumed value of regexp->cur_idx in a variable across the
for (;; ++i)
{
if (i >= BRACKET_NAME_BUF_SIZE)
return REG_EBRACK;
if (token->type == OP_OPEN_CHAR_CLASS)
ch = re_string_fetch_byte_case (regexp);
else
ch = re_string_fetch_byte (regexp);
if (re_string_eoi(regexp))
return REG_EBRACK;
if (ch == delim && re_string_peek_byte (regexp, 0) == ']')
break;
elem->opr.name[i] = ch;
}
Diffstat (limited to 'debug/catchsegv.sh')
0 files changed, 0 insertions, 0 deletions