Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
There's an invalid read in OS_Regex that can be triggered by trying to match pattern that ends with an escaped character, with a string that matches the preceding pattern except the escaped character, e.g, pattern
ab\s
with stringabc
The invalid read is located at
The end of string (
\0
) of the patterns is located atpt+2
but the code tries to find it atpt+3
resulting in an invalid read.Fix & rationale
A fix is to change the affected line to
This fix
pt+3
, aspt+2
would be different than the end of the string, otherwisept+2
would be the end of the string , andpt+2
, as the short-circuit evaluation will prevent*(pt+3)
from being evaluated.Moreover, accesing to
pt + 1
cannot provoke an invalid read, see:*(pt + 0)
is known to be a BACKSLASH, and*(pt + 1)
must be a character, otherwise the regex would have not compiled.Q.E.D
Tests
Functional test