From: Jim Meyering <meyering@fb.com>
Date: Sun, 13 Jul 2014 00:07:21 +0000 (-0700)
Subject: regex: don't deref NULL upon heap allocation failure
X-Git-Tag: glibc-2.20~100
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7ee03f00188723a4de2b85021e511ced6d7fc4be;p=platform%2Fupstream%2Fglibc.git

regex: don't deref NULL upon heap allocation failure

* posix/regcomp.c: (parse_dup_op): Handle duplicate_tree
failure in one more place.
To trigger the segfault, configure grep -with-included-regex,
build it, and run these commands:
( ulimit -v 300000; echo a|src/grep -E a+++++++++++++++++++++ )
---

diff --git a/ChangeLog b/ChangeLog
index 3dd3cf0..41247ec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2014-07-13  Jim Meyering  <meyering@fb.com>
+
+	[BZ 17150]
+	regex: don't deref NULL upon heap allocation failure
+	* posix/regcomp.c: (parse_dup_op): Handle duplicate_tree
+	failure in one more place.
+	To trigger the segfault, configure grep -with-included-regex,
+	build it, and run these commands:
+	( ulimit -v 300000; echo a|src/grep -E a+++++++++++++++++++++ )
+
 2014-07-13  Andreas Schwab  <schwab@linux-m68k.org>
 
 	* sysdeps/m68k/m680x0/fpu/libm-test-ulps: Update.
diff --git a/posix/regcomp.c b/posix/regcomp.c
index 076eca3..8f2747b 100644
--- a/posix/regcomp.c
+++ b/posix/regcomp.c
@@ -2582,6 +2582,8 @@ parse_dup_op (bin_tree_t *elem, re_string_t *regexp, re_dfa_t *dfa,
 
       /* Duplicate ELEM before it is marked optional.  */
       elem = duplicate_tree (elem, dfa);
+      if (BE (elem == NULL, 0))
+        goto parse_dup_op_espace;
       old_tree = tree;
     }
   else