bug#15307: minor fix to dfa.c
From: Jim Meyering
Subject: bug#15307: minor fix to dfa.c
Date: Wed, 11 Sep 2013 08:36:52 -0700
On Sun, Sep 8, 2013 at 11:01 AM, Jim Meyering <address@hidden> wrote:
> On Sun, Sep 8, 2013 at 2:53 AM, Aharon Robbins <address@hidden> wrote:
>> The following fix to dfa.c was suggested by a static checking tool.
>> I'm applying it in the gawk code base.
>>
>> Basically, it's theoretically possible for len to have run off the end
>> of the `str' array.
>>...
>
> Hi Arnold,
>
> Thanks, but that makes it look like "str" will instead fail to be
> NUL-terminated, in which case the following strcmp (aka STREQ) would
> overrun the buffer.
> Yes, this is all theoretical, but still...
>
> I see that the current limit is 31:
>
> $ for i in 30 31 32 33; do printf "$i "; src/grep -E '[[:'$(perl -e 'print "a"x'$i)':]]'; done
> 30 src/grep: Invalid character class name
> 31 src/grep: Invalid character class name
> 32 src/grep: Unmatched [ or [^
> 33 src/grep: Unmatched [ or [^
>
> So I propose this patch instead:
Hi Arnold,
I was going to push that change, but then realized I didn't know
which static analysis tool you were referring to. Which was it?
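
The two failure modes discussed in this thread (an index running past the end of `str`, and a bounded copy that leaves `str` without a NUL before `strcmp`) are both avoided by checking the bound before each store and reserving one byte for the terminator. The following is an added, stand-alone illustration, not the dfa.c code or the patch from this thread; `CLASS_BUF`, `read_class_name` and `is_known_class` are hypothetical names, and the size 32 is an assumption inferred from the 31-character limit shown above.

```c
#include <stdio.h>
#include <string.h>

#define CLASS_BUF 32  /* assumed size: 31 name bytes plus the NUL */
enum class_result { CLASS_OK, CLASS_UNTERMINATED, CLASS_TOO_LONG };

/* Copy the name that precedes ":]" from `in` (positioned just after "[:")
   into out.  The bound is tested before every store and keeps one byte
   free, so out is always NUL-terminated when CLASS_OK is returned.  */
static enum class_result
read_class_name (const char *in, char out[CLASS_BUF])
{
  size_t len = 0;
  for (;;)
    {
      char c = *in++;
      if (c == '\0')
        return CLASS_UNTERMINATED;      /* no closing ":]" in the input */
      if (c == ':' && *in == ']')
        break;
      if (len >= CLASS_BUF - 1)
        return CLASS_TOO_LONG;          /* reject instead of truncating */
      out[len++] = c;
    }
  out[len] = '\0';
  return CLASS_OK;
}

/* strcmp is only reached on a buffer known to be terminated.  */
static int
is_known_class (const char *in)
{
  char name[CLASS_BUF];
  return read_class_name (in, name) == CLASS_OK
         && (strcmp (name, "alpha") == 0 || strcmp (name, "digit") == 0);
}

int
main (void)
{
  /* Constructed input: names of 30..33 'a' characters, as in the loop above. */
  for (size_t n = 30; n <= 33; n++)
    {
      char in[40], name[CLASS_BUF];
      memset (in, 'a', n);
      memcpy (in + n, ":]", 3);
      printf ("%zu -> %d\n", n, (int) read_class_name (in, name));
    }
  return 0;
}
```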