Subject: [glib] gregex: Fix a potential use-after-free bug



commit 88e977266b92516b15f384e3990d90af557e0574
Author: Philip Withnall <[email protected]>
Date: Wed Jan 11 17:14:18 2017 +0000

gregex: Fix a potential use-after-free bug

If the match_info out argument is NULL, info will be freed, but then its
matches member will be accessed.

Spotted by Leslie Zhai <[email protected]>.

https://bugzilla.gnome.org/show_bug.cgi?id=777077

glib/gregex.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
---
diff --git a/glib/gregex.c b/glib/gregex.c
index bde1571..76a5104 100644
--- a/glib/gregex.c
+++ b/glib/gregex.c
@@ -1911,6 +1911,7 @@ g_regex_match_all_full (const GRegex *regex,
gboolean done;
pcre *pcre_re;
pcre_extra *extra;
+ gboolean retval;

g_return_val_if_fail (regex != NULL, FALSE);
g_return_val_if_fail (string != NULL, FALSE);
@@ -1984,13 +1985,14 @@ g_regex_match_all_full (const GRegex *regex,

/* set info->pos to -1 so that a call to g_match_info_next() fails. */
info->pos = -1;
+ retval = info->matches >= 0;

if (match_info != NULL)
*match_info = info;
else
g_match_info_free (info);

- return info->matches >= 0;
+ return retval;
}

/**
_______________________________________________
commits-list mailing list (read only)
https://mail.gnome.org/mailman/listinfo/commits-list

Want to limit the commits to a few modules? Go to above URL, log in to edit
your options and select the modules ('topics') you want.


Programming list archiving by: Enterprise Git Hosting