Re: Few warnings in cvs

To: mutt-dev@xxxxxxxx
Subject: Re: Few warnings in cvs
From: Vincent Lefevre <vincent@xxxxxxxxxx>
Date: Tue, 14 Nov 2006 17:22:02 +0100
In-reply-to: <Pine.LNX.4.64.0611141618380.17653@xxxxxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
Mail-followup-to: mutt-dev@xxxxxxxx
References: <Pine.LNX.4.64.0611141618380.17653@xxxxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.13-vl-r14852 (2006-11-01)

On 2006-11-14 16:20:24 +0100, Adam Wysocki wrote:
> --- regex.c~    2006-11-14 16:11:59.000000000 +0100
> +++ regex.c     2006-11-14 16:13:01.000000000 +0100
> @@ -2196,8 +2196,7 @@
>                      for (;;)
>                        {
>                          PATFETCH (c);
> -                        if (c == ':' || c == ']' || p == pend
> -                            || c1 == CHAR_CLASS_MAX_LENGTH)
> +                        if (c == ':' || c == ']' || p == pend)
>                            break;
>                          str[c1++] = c;
>                        }

AFAIK, this change may lead to a buffer overflow or infinite loop.
BTW, I don't think that using c1 (an unsigned char) as an index is
a good idea.

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)

Follow-Ups:
- Re: Few warnings in cvs
  - From: Rocco Rutte

References:
- Few warnings in cvs
  - From: Adam Wysocki

Prev by Date: Few warnings in cvs
Next by Date: Re: [PATCH] display search progress with $search_inc
Previous by thread: Few warnings in cvs
Next by thread: Re: Few warnings in cvs
Index(es):
- Date
- Thread