summaryrefslogtreecommitdiff
path: root/regexec.c
diff options
context:
space:
mode:
authorDavid Mitchell <davem@iabyn.com>2015-04-28 10:20:14 +0100
committerDavid Mitchell <davem@iabyn.com>2015-04-28 17:17:39 +0100
commit122af3100408d1e1ee6b6583ec1d84a85f0a0f3a (patch)
tree187b11f052eb9139efa8c51f1a119828d9aec81f /regexec.c
parentb77ebf74c6d61f12ef717fd4bd6f765479481ca1 (diff)
downloadperl-122af3100408d1e1ee6b6583ec1d84a85f0a0f3a.tar.gz
avoid uninit read in re_op_compile()
Some code in this function examines the first two nodes in the regex to set suitable flags etc. Part of the code accesses the second node by using regnext(first), other parts by NEXTOPER(first). The second method only works when the node is the same size as a basic node. I *think* that the code only makes use of this second value in situations where the node *is* basic, but nevertheless, it makes valgrind unhappy when the first node is an EXACT node, and reading the second node's supposed type field is actually reading the padding bytes at the end of the EXACT string, which are uninitialised. So just use regnext() only. Something as simple as /x/ on non-debugging builds was enough to make valgrind complain. (On debugging builds, the program buffer is initially zero-filled.)
Diffstat (limited to 'regexec.c')
0 files changed, 0 insertions, 0 deletions