diff mbox

[libstdc++/63497] Avoid dereferencing invalid iterator in regex_executor

Message ID CAG4ZjNndpySnbF_Hhm2wv3EC-GE4g-fRUpQQ=kp6g4iWQoifeg@mail.gmail.com
State New
Headers show

Commit Message

Tim Shen Nov. 25, 2014, 8:41 a.m. UTC 
On Wed, Oct 22, 2014 at 8:19 PM, Tim Shen <timshen@google.com> wrote:
> Committed. Thank you too!

I'm backporting this patch to gcc-4_9-branch. Do we usually boot &
test it and then commit directly, or it should be reviewed again?

Comments

Jonathan Wakely Nov. 25, 2014, 10:34 a.m. UTC | #1 
On 25/11/14 00:41 -0800, Tim Shen wrote:
>On Wed, Oct 22, 2014 at 8:19 PM, Tim Shen <timshen@google.com> wrote:
>> Committed. Thank you too!
>
>I'm backporting this patch to gcc-4_9-branch. Do we usually boot &
>test it and then commit directly, or it should be reviewed again?

I approved it for the branch (in the bugzilla comments) so usually you
could just test it and commit it ... but since you asked ... maybe you
should leave the _M_word_boundary signature unchanged for the branch,
since the unused parameter doesn't do any harm and removing it isn't
needed for the fix to work.
diff mbox

Patch

diff --git a/libstdc++-v3/include/bits/regex_executor.h b/libstdc++-v3/include/bits/regex_executor.h
index 708c78e..0d1b676 100644
--- a/libstdc++-v3/include/bits/regex_executor.h
+++ b/libstdc++-v3/include/bits/regex_executor.h
@@ -134,7 +134,7 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
       }
 
       bool
-      _M_word_boundary(_State<_TraitsT> __state) const;
+      _M_word_boundary() const;
 
       bool
       _M_lookahead(_State<_TraitsT> __state);
diff --git a/libstdc++-v3/include/bits/regex_executor.tcc b/libstdc++-v3/include/bits/regex_executor.tcc
index 052302b..ef49161 100644
--- a/libstdc++-v3/include/bits/regex_executor.tcc
+++ b/libstdc++-v3/include/bits/regex_executor.tcc
@@ -257,7 +257,7 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
 	    _M_dfs<__match_mode>(__state._M_next);
 	  break;
 	case _S_opcode_word_boundary:
-	  if (_M_word_boundary(__state) == !__state._M_neg)
+	  if (_M_word_boundary() == !__state._M_neg)
 	    _M_dfs<__match_mode>(__state._M_next);
 	  break;
 	// Here __state._M_alt offers a single start node for a sub-NFA.
@@ -267,9 +267,11 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
 	    _M_dfs<__match_mode>(__state._M_next);
 	  break;
 	case _S_opcode_match:
+	  if (_M_current == _M_end)
+	    break;
 	  if (__dfs_mode)
 	    {
-	      if (_M_current != _M_end && __state._M_matches(*_M_current))
+	      if (__state._M_matches(*_M_current))
 		{
 		  ++_M_current;
 		  _M_dfs<__match_mode>(__state._M_next);
@@ -348,25 +350,26 @@  _GLIBCXX_BEGIN_NAMESPACE_VERSION
   template<typename _BiIter, typename _Alloc, typename _TraitsT,
     bool __dfs_mode>
     bool _Executor<_BiIter, _Alloc, _TraitsT, __dfs_mode>::
-    _M_word_boundary(_State<_TraitsT> __state) const
+    _M_word_boundary() const
     {
-      // By definition.
-      bool __ans = false;
-      auto __pre = _M_current;
-      --__pre;
-      if (!(_M_at_begin() && _M_at_end()))
+      bool __left_is_word = false;
+      if (_M_current != _M_begin
+	  || (_M_flags & regex_constants::match_prev_avail))
 	{
-	  if (_M_at_begin())
-	    __ans = _M_is_word(*_M_current)
-	      && !(_M_flags & regex_constants::match_not_bow);
-	  else if (_M_at_end())
-	    __ans = _M_is_word(*__pre)
-	      && !(_M_flags & regex_constants::match_not_eow);
-	  else
-	    __ans = _M_is_word(*_M_current)
-	      != _M_is_word(*__pre);
+	  auto __prev = _M_current;
+	  if (_M_is_word(*std::prev(__prev)))
+	    __left_is_word = true;
 	}
-      return __ans;
+      bool __right_is_word =
+	_M_current != _M_end && _M_is_word(*_M_current);
+
+      if (__left_is_word == __right_is_word)
+	return false;
+      if (__left_is_word && !(_M_flags & regex_constants::match_not_eow))
+	return true;
+      if (__right_is_word && !(_M_flags & regex_constants::match_not_bow))
+	return true;
+      return false;
     }
 
 _GLIBCXX_END_NAMESPACE_VERSION