File fnmatch-read-eos.patch of Package glibc.1873
2015-03-02 Paul Pluzhnikov <ppluzhnikov@google.com>
[BZ #18036]
* posix/fnmatch_loop.c (END): Detect invalid pattern.
* posix/tst-fnmatch3.c (do_bz18036): Add test case.
2015-02-26 Andreas Schwab <schwab@suse.de>
[BZ #18032]
* posix/fnmatch_loop.c (FCT): Remove extra increment when skipping
over collating symbol inside a bracket expression. Minor cleanup.
* posix/tst-fnmatch3.c (do_test): Add test case.
2014-06-18 Andreas Schwab <schwab@suse.de>
[BZ #17062]
* posix/fnmatch_loop.c (FCT): Rerrange loop for skipping over rest
of a bracket expr not to run off the end of the string.
* posix/Makefile (tests): Add tst-fnmatch3.
* posix/tst-fnmatch3.c: New file.
Index: glibc-2.19/posix/Makefile
===================================================================
--- glibc-2.19.orig/posix/Makefile
+++ glibc-2.19/posix/Makefile
@@ -86,7 +86,8 @@ tests := tstgetopt testfnm runtests run
tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \
bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \
bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \
- tst-pathconf tst-getaddrinfo4
+ tst-pathconf tst-getaddrinfo4 \
+ tst-fnmatch3
xtests := bug-ga2
ifeq (yes,$(build-shared))
test-srcs := globtest
Index: glibc-2.19/posix/fnmatch_loop.c
===================================================================
--- glibc-2.19.orig/posix/fnmatch_loop.c
+++ glibc-2.19/posix/fnmatch_loop.c
@@ -899,11 +899,8 @@ FCT (pattern, string, string_end, no_lea
matched:
/* Skip the rest of the [...] that already matched. */
- do
+ while ((c = *p++) != L (']'))
{
- ignore_next:
- c = *p++;
-
if (c == L('\0'))
/* [... (unterminated) loses. */
return FNM_NOMATCH;
@@ -931,12 +928,11 @@ FCT (pattern, string, string_end, no_lea
if (c < L('a') || c >= L('z'))
{
- p = startp;
- goto ignore_next;
+ p = startp - 2;
+ break;
}
}
p += 2;
- c = *p++;
}
else if (c == L('[') && *p == L('='))
{
@@ -947,25 +943,21 @@ FCT (pattern, string, string_end, no_lea
if (c != L('=') || p[1] != L(']'))
return FNM_NOMATCH;
p += 2;
- c = *p++;
}
else if (c == L('[') && *p == L('.'))
{
- ++p;
while (1)
{
c = *++p;
- if (c == '\0')
+ if (c == L('\0'))
return FNM_NOMATCH;
- if (*p == L('.') && p[1] == L(']'))
+ if (c == L('.') && p[1] == L(']'))
break;
}
p += 2;
- c = *p++;
}
}
- while (c != L(']'));
if (not)
return FNM_NOMATCH;
}
@@ -1045,7 +1037,12 @@ END (const CHAR *pattern)
}
else if ((*p == L('?') || *p == L('*') || *p == L('+') || *p == L('@')
|| *p == L('!')) && p[1] == L('('))
- p = END (p + 1);
+ {
+ p = END (p + 1);
+ if (*p == L('\0'))
+ /* This is an invalid pattern. */
+ return pattern;
+ }
else if (*p == L(')'))
break;
Index: glibc-2.19/posix/tst-fnmatch3.c
===================================================================
--- /dev/null
+++ glibc-2.19/posix/tst-fnmatch3.c
@@ -0,0 +1,52 @@
+/* Test for fnmatch not reading past the end of the pattern.
+ Copyright (C) 2014 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <fnmatch.h>
+#include <sys/mman.h>
+#include <string.h>
+#include <unistd.h>
+
+int
+do_bz18036 (void)
+{
+ const char p[] = "**(!()";
+ const int pagesize = getpagesize ();
+
+ char *pattern = mmap (0, 2 * pagesize, PROT_READ|PROT_WRITE,
+ MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+ if (pattern == MAP_FAILED) return 1;
+
+ mprotect (pattern + pagesize, pagesize, PROT_NONE);
+ memset (pattern, ' ', pagesize);
+ strcpy (pattern, p);
+
+ return fnmatch (pattern, p, FNM_EXTMATCH);
+}
+
+int
+do_test (void)
+{
+ if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH)
+ return 1;
+ if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH)
+ return 1;
+ return do_bz18036 ();
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
