diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2020-07-09 10:42:25 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-07-09 10:42:25 +0000 |
| commit | d0cbbb0f2d9c63fb0cfc1832dc3c012d7cae6082 (patch) | |
| tree | 5c1d2decb900128f4ef5e2eb0e923380e6aab5c5 /usr.bin/mg | |
| parent | ab4a6a9177a7da851c39b6ad0818635dea4ac7ad (diff) | |
Avoid NULL deref in regexec when searching for empty lines.
Report & tweak from Hiltjo Posthuma
Diffstat (limited to 'usr.bin/mg')
| -rw-r--r-- | usr.bin/mg/re_search.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/usr.bin/mg/re_search.c b/usr.bin/mg/re_search.c index f8b5deef8a3..899d5c25502 100644 --- a/usr.bin/mg/re_search.c +++ b/usr.bin/mg/re_search.c @@ -1,4 +1,4 @@ -/* $OpenBSD: re_search.c,v 1.33 2017/08/06 04:39:45 bcallah Exp $ */ +/* $OpenBSD: re_search.c,v 1.34 2020/07/09 10:42:24 tb Exp $ */ /* This file is in the public domain. */ @@ -332,8 +332,8 @@ re_forwsrch(void) while (clp != (curbp->b_headp)) { regex_match[0].rm_so = tbo; regex_match[0].rm_eo = llength(clp); - error = regexec(®ex_buff, ltext(clp), RE_NMATCH, regex_match, - REG_STARTEND); + error = regexec(®ex_buff, ltext(clp) ? ltext(clp) : "", + RE_NMATCH, regex_match, REG_STARTEND); if (error != 0) { clp = lforw(clp); tdotline++; @@ -389,8 +389,9 @@ re_backsrch(void) * do this character-by-character after the first match since * POSIX regexps don't give you a way to do reverse matches. */ - while (!regexec(®ex_buff, ltext(clp), RE_NMATCH, regex_match, - REG_STARTEND) && regex_match[0].rm_so < tbo) { + while (!regexec(®ex_buff, ltext(clp) ? ltext(clp) : "", + RE_NMATCH, regex_match, REG_STARTEND) && + regex_match[0].rm_so <= tbo) { memcpy(&lastmatch, ®ex_match[0], sizeof(regmatch_t)); regex_match[0].rm_so++; regex_match[0].rm_eo = llength(clp); @@ -538,8 +539,8 @@ killmatches(int cond) /* see if line matches */ regex_match[0].rm_so = 0; regex_match[0].rm_eo = llength(clp); - error = regexec(®ex_buff, ltext(clp), RE_NMATCH, regex_match, - REG_STARTEND); + error = regexec(®ex_buff, ltext(clp) ? ltext(clp) : "", + RE_NMATCH, regex_match, REG_STARTEND); /* Delete line when appropriate */ if ((cond == FALSE && error) || (cond == TRUE && !error)) { @@ -613,8 +614,8 @@ countmatches(int cond) /* see if line matches */ regex_match[0].rm_so = 0; regex_match[0].rm_eo = llength(clp); - error = regexec(®ex_buff, ltext(clp), RE_NMATCH, regex_match, - REG_STARTEND); + error = regexec(®ex_buff, ltext(clp) ? ltext(clp) : "", + RE_NMATCH, regex_match, REG_STARTEND); /* Count line when appropriate */ if ((cond == FALSE && error) || (cond == TRUE && !error)) |