Re: [dev] [sbase] grep: global-buffer-overflow
Hi,
On Wed, Nov 05, 2025 at 12:14:03PM +0200, Santtu Lakkala wrote:
> Even this change actually fixes issues with -x:
>
> Before:
> $ printf 'foo\nfoo$\n' | ./grep -x 'foo$'
> foo$
>
> After:
> $ printf 'foo\nfoo$\n' | ./grep -x 'foo$'
> foo
Nice! I didn't realize that xD
> While the real issue of using 'strlen() + 1' with 'fmemopen()' is not fixed,
> the use of 'strlen()' in addpattern ignores the (extra) string terminator
> included by getline().
Yes, I decided not to change the fmemopen() calls because we are protected
against NUL characters now. But thinking about it now, why add a byte only to
ignore it later? I think I am going to remove the +1 in every call.
> > /* a null BRE/ERE matches every line */
> > - if (!Fflag)
> > + if (!Fflag) {
> > if (pattern[0] == '\0')
> > - pattern = "^";
> > + pattern = beg;
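Review bot: Rewriting the empty-pattern branch from `pattern = "^";` to `pattern = beg;` inside `if (!Fflag) {` does not address a read past the pattern buffer caused by a patlen mismatch, and it introduces a name (`beg`) that the quoted lines never define; since the comment above the hunk already states that a null BRE/ERE matches every line, the cleaner change is to drop the branch entirely rather than reword it.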
>
> This is not needed, the problem always was READ access due to patlen
> mismatch:
Yes, you are right, an empty regex should always match. I am going
to remove the whole if.
Regards,
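To make the 'strlen() + 1' point concrete, here is a small added example (not sbase code, and not part of the thread) that simulates one getline()-style pattern record, strips its newline, exposes it through fmemopen() with either 'strlen(pattern) + 1' (the old call) or 'strlen(pattern)' (the proposed fix), and counts what a reader sees on the stream. The helper names, the buffer size and the sample line "foo$\n" are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not sbase code): mimic the post-getline() cleanup
 * that addpattern() would do, i.e. drop the trailing newline and return the
 * length the pattern really has. */
static size_t strip_newline(char *line)
{
    size_t len = strlen(line);

    if (len > 0 && line[len - 1] == '\n')
        line[--len] = '\0';
    return len;
}

/* Count the bytes a reader obtains when 'pattern' is exposed through
 * fmemopen() with buffer length 'len'. '*saw_nul' is set when a NUL byte
 * (the string terminator) came back from the stream. Returns -1 on error. */
static int bytes_via_fmemopen(const char *pattern, size_t len, int *saw_nul)
{
    FILE *fp;
    int c, n = 0;

    *saw_nul = 0;
    /* "r" mode: fmemopen() never writes, so the cast is safe here. */
    fp = fmemopen((void *)pattern, len, "r");
    if (fp == NULL)
        return -1;
    while ((c = fgetc(fp)) != EOF) {
        if (c == '\0')
            *saw_nul = 1;
        n++;
    }
    fclose(fp);
    return n;
}

/* Simulate one pattern line as getline() would hand it over (newline
 * included). 'plus_one' selects the old 'strlen() + 1' length; 0 selects
 * the fixed 'strlen()' length. Returns the number of bytes read back. */
int exposed_bytes(const char *line_in, int plus_one, int *saw_nul)
{
    char buf[256];              /* constructed sample buffer size */
    size_t patlen;

    if (strlen(line_in) >= sizeof(buf))
        return -1;
    strcpy(buf, line_in);
    patlen = strip_newline(buf);
    return bytes_via_fmemopen(buf, patlen + (plus_one ? 1 : 0), saw_nul);
}

int main(void)
{
    int nul;
    int n_old = exposed_bytes("foo$\n", 1, &nul);   /* constructed sample */
    printf("strlen()+1: %d bytes, NUL seen: %d\n", n_old, nul);
    int n_new = exposed_bytes("foo$\n", 0, &nul);
    printf("strlen():   %d bytes, NUL seen: %d\n", n_new, nul);
    return 0;
}
```

With the extra byte, the stream hands back the terminator as a fifth character that every consumer then has to recognise and skip; sizing the stream with plain strlen() makes that byte disappear, which is why dropping the +1 in each fmemopen() call is simpler than defending against the NUL later.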
Received on Wed Nov 05 2025 - 11:47:07 CET