Fix a stack corruption issue in CFRegularExpression (SR-1003) #301

Merged
merged 1 commit into from Mar 30, 2016

@pushkarnk
Collaborator

pushkarnk commented Mar 24, 2016

This is the proposed fix for https://bugs.swift.org/browse/SR-1003

The function _CFRegularExpressionEnumerateMatchesInString() walks the text
searching for occurrences of the pattern. For every occurrence, it populates
a CFRange array. If the number of capture groups is not greater than 7, it
uses an array on the stack (instead of mallocing one). However, the total
number of CFRanges inserted is (number of capture groups + 1). The last
insert can corrupt the stack if the number of capture groups is 7 and change the
values of other locals leading to unexplained behaviour.

Fix a stack corruption issue in CFRegularExpression
The function _CFRegularExpressionEnumerateMatchesInString() walks the text
searching for occurrences of the pattern. For every occurrence, it populates
a CFRange array. If the number of capture groups is not greater than 7, it
uses an array on the stack (instead of mallocing one). However, the total
number of CFRanges inserted is (number of capture groups + 1). The last
insert can corrupt the stack if the number of capture groups is 7.
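The off-by-one described above, as an added C example that is not the project's code or the commit's actual change. The `Range` type, the function names and the on-stack capacity of 7 are assumptions inferred from the description; the "after" check is one way to size the buffer by the number of ranges actually written.

```c
#include <stdio.h>
#include <stdlib.h>

#define STACK_RANGES 7  /* assumed on-stack capacity, inferred from the description */

typedef struct { long location; long length; } Range;  /* stand-in for CFRange */

/* One range for the whole match plus one per capture group. */
static size_t ranges_needed(size_t groups) { return groups + 1; }

/* Check as described in the PR: the heap is used only when groups > 7. */
static int heap_needed_before(size_t groups) { return groups > STACK_RANGES; }

/* Corrected check: compare the number of ranges that will be written. */
static int heap_needed_after(size_t groups) { return ranges_needed(groups) > STACK_RANGES; }

/* Slots that would land past the stack array for a given decision (0 = in bounds). */
static size_t slots_past_end(size_t groups, int use_heap) {
    if (use_heap) return 0;
    size_t n = ranges_needed(groups);
    return n > STACK_RANGES ? n - STACK_RANGES : 0;
}

/* Fill ranges with the corrected sizing; returns the count written, 0 on allocation failure. */
static size_t fill_ranges(size_t groups) {
    Range stack_ranges[STACK_RANGES];
    Range *ranges = stack_ranges;
    size_t n = ranges_needed(groups);
    if (heap_needed_after(groups)) {
        ranges = malloc(n * sizeof *ranges);
        if (!ranges) return 0;
    }
    for (size_t i = 0; i < n; i++) {  /* constructed sample values */
        ranges[i].location = (long)i;
        ranges[i].length = 1;
    }
    if (ranges != stack_ranges) free(ranges);
    return n;
}

int main(void) {
    for (size_t g = 6; g <= 8; g++)
        printf("groups=%zu needed=%zu past_end(before)=%zu past_end(after)=%zu\n",
               g, ranges_needed(g),
               slots_past_end(g, heap_needed_before(g)),
               slots_past_end(g, heap_needed_after(g)));
    return fill_ranges(7) == 8 ? 0 : 1;
}
```

Only the boundary value of 7 capture groups differs between the two checks, which is why a regression test for this fix needs a pattern with exactly that many groups.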

@phausler phausler merged commit fc1ef5d into apple:master Mar 30, 2016

@pushkarnk pushkarnk deleted the pushkarnk:sr-1003 branch Apr 12, 2016

millenomi pushed a commit to millenomi/swift-corelibs-foundation that referenced this pull request Jan 8, 2018

Merge pull request #301 from ktopley-apple/dispatch-time-overflows
Fix overflow traps in DispatchTime/DispatchWallTime/DispatchTimeInterval