From 4a28f4d55a6cc33474c0792fe93b5942d81bf185 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Thu, 26 Feb 2015 14:55:24 +0100 Subject: [PATCH] Fix read past end of pattern in fnmatch (bug 18032) --- ChangeLog | 7 +++++++ NEWS | 2 +- posix/fnmatch_loop.c | 5 ++--- posix/tst-fnmatch3.c | 8 +++++--- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 432c35d..90c42c8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2015-02-26 Andreas Schwab + + [BZ #18032] + * posix/fnmatch_loop.c (FCT): Remove extra increment when skipping + over collating symbol inside a bracket expression. Minor cleanup. + * posix/tst-fnmatch3.c (do_test): Add test case. + 2015-02-26 Joseph Myers [BZ #18029] diff --git a/NEWS b/NEWS index 75e83e0..77e0814 100644 --- a/NEWS +++ b/NEWS @@ -12,7 +12,7 @@ Version 2.22 4719, 14841, 13064, 14094, 15319, 15467, 15790, 15969, 16560, 16783, 17269, 17523, 17569, 17588, 17792, 17836, 17912, 17916, 17932, 17944, 17949, 17964, 17965, 17967, 17969, 17978, 17987, 17991, 17996, 17998, - 17999, 18019, 18020, 18029. + 17999, 18019, 18020, 18029, 18032. * Character encoding and ctype tables were updated to Unicode 7.0.0, using new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c index c0cb2fc..72c5d8f 100644 --- a/posix/fnmatch_loop.c +++ b/posix/fnmatch_loop.c @@ -945,14 +945,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) } else if (c == L('[') && *p == L('.')) { - ++p; while (1) { c = *++p; - if (c == '\0') + if (c == L('\0')) return FNM_NOMATCH; - if (*p == L('.') && p[1] == L(']')) + if (c == L('.') && p[1] == L(']')) break; } p += 2; diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c index d27a557..75bc00a 100644 --- a/posix/tst-fnmatch3.c +++ b/posix/tst-fnmatch3.c @@ -21,9 +21,11 @@ int do_test (void) { - const char *pattern = "[[:alpha:]'[:alpha:]\0]"; - - return fnmatch (pattern, "a", 0) != FNM_NOMATCH; + if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH) + return 1; + if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH) + return 1; + return 0; } #define TEST_FUNCTION do_test () -- 2.7.4