diff options
author | David Mitchell <davem@iabyn.com> | 2015-04-28 10:20:14 +0100 |
---|---|---|
committer | David Mitchell <davem@iabyn.com> | 2015-04-28 17:17:39 +0100 |
commit | 122af3100408d1e1ee6b6583ec1d84a85f0a0f3a (patch) | |
tree | 187b11f052eb9139efa8c51f1a119828d9aec81f /regexec.c | |
parent | b77ebf74c6d61f12ef717fd4bd6f765479481ca1 (diff) | |
download | perl-122af3100408d1e1ee6b6583ec1d84a85f0a0f3a.tar.gz |
avoid uninit read in re_op_compile()
Some code in this function examines the first two nodes in the regex to
set suitable flags etc. Part of the code accesses the second node
by using regnext(first), other parts by NEXTOPER(first). The second method
only works when the node is the same size as a basic node. I *think*
that the code only makes use of this second value in situations where
the node *is* basic, but nevertheless, it makes valgrind unhappy when
the first node is an EXACT node, and reading the second node's
supposed type field is actually reading the padding bytes at the end of
the EXACT string, which are uninitialised.
So just use regnext() only.
Something as simple as /x/ on non-debugging builds was enough to make
valgrind complain. (On debugging builds, the program buffer is initially
zero-filled.)
Diffstat (limited to 'regexec.c')
0 files changed, 0 insertions, 0 deletions