fix memory leak in regexec when input contains illegal sequence
authorSzabolcs Nagy <nsz@port70.net>
Fri, 5 Sep 2014 19:12:34 +0000 (15:12 -0400)
committerRich Felker <dalias@aerifal.cx>
Mon, 30 Mar 2015 05:15:44 +0000 (01:15 -0400)
(cherry picked from commit 546f6b322bcafa2452925c19f9607d9689c75f95)

src/regex/regexec.c

index 2e35b832803fd4199c2b19024be4982aa951fb7c..16c5d0ac5c7b5ae6f4a7aaa9313d474682ef6a85 100644 (file)
@@ -52,7 +52,7 @@ tre_fill_pmatch(size_t nmatch, regmatch_t pmatch[], int cflags,
 #define GET_NEXT_WCHAR() do {                                                 \
     prev_c = next_c; pos += pos_add_next;                                     \
     if ((pos_add_next = mbtowc(&next_c, str_byte, MB_LEN_MAX)) <= 0) {        \
-        if (pos_add_next < 0) return REG_NOMATCH;                             \
+        if (pos_add_next < 0) { ret = REG_NOMATCH; goto error_exit; }         \
         else pos_add_next++;                                                  \
     }                                                                         \
     str_byte += pos_add_next;                                                 \
@@ -181,6 +181,7 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
   int reg_notbol = eflags & REG_NOTBOL;
   int reg_noteol = eflags & REG_NOTEOL;
   int reg_newline = tnfa->cflags & REG_NEWLINE;
+  reg_errcode_t ret;
 
   char *buf;
   tre_tnfa_transition_t *trans_i;
@@ -439,11 +440,11 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
       reach_next_i->state = NULL;
     }
 
-  if (buf)
-    xfree(buf);
-
   *match_end_ofs = match_eo;
-  return match_eo >= 0 ? REG_OK : REG_NOMATCH;
+  ret = match_eo >= 0 ? REG_OK : REG_NOMATCH;
+error_exit:
+  xfree(buf);
+  return ret;
 }