Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1997/06/22 18:09:09 UTC

Re: bug! in pregsub

+1 

> Hmm. I just noticed that pregsub, a function in util.c that I wrote
> a long time ago, has a bug in it that causes Apache to die (with that
> cute "Ouch!  malloc failed" error). Surprising that no one noticed
> until now... but nothing that comes with Apache except mod_rewrite
> uses pregsub(), so I guess no one happened upon it.
> 
> The problem is that when it expands a variable, like $2, it checks to
> make sure that there are actually two matched elements in the
> regex. If not, it just skips the $2. It turns out it was one off, so
> if there were only two matches, it would think $3 existed, and try to
> put it into the substituted string. This is "undefined" according to
> the POSIX regex spec. On my machine, using the HP-UX regex library, it
> causes malloc errors. Perhaps on other OSes (or the Spencer package),
> it still works.
> 
> At any rate, here's the patch. I guess this is for 1.2.1 as well as
> 1.3:
> 
> Index: util.c
> ===================================================================
> RCS file: /export/home/cvs/apache/src/util.c,v
> retrieving revision 1.53
> diff -c -r1.53 util.c
> *** util.c	1997/06/15 19:22:34	1.53
> --- util.c	1997/06/22 09:39:17
> ***************
> *** 232,238 ****
>   	    if (c == '\\' && (*src == '$' || *src == '&'))
>   		c = *src++;
>   	    len++;
> ! 	} else if (no <= nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
>   	    len += pmatch[no].rm_eo - pmatch[no].rm_so;
>   	}
>   
> --- 232,238 ----
>   	    if (c == '\\' && (*src == '$' || *src == '&'))
>   		c = *src++;
>   	    len++;
> ! 	} else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
>   	    len += pmatch[no].rm_eo - pmatch[no].rm_so;
>   	}
>   
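Review bot: The corrected bound in the changed `else if` line (`no < nmatch`) depends on an undocumented invariant: pmatch[] holds exactly nmatch entries, so the valid indices are 0..nmatch-1. A one-line comment stating that would explain why `<=` was wrong. It is also worth checking that every caller passes the real array size as nmatch rather than the number of parenthesized groups, since this test is only as good as that value.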
> ***************
> *** 256,262 ****
>   	    if (c == '\\' && (*src == '$' || *src == '&'))
>   		c = *src++;
>   	    *dst++ = c;
> ! 	} else if (no <= nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
>   	    len = pmatch[no].rm_eo - pmatch[no].rm_so;
>   	    strncpy(dst, source + pmatch[no].rm_so, len);
>   	    dst += len;
> --- 256,262 ----
>   	    if (c == '\\' && (*src == '$' || *src == '&'))
>   		c = *src++;
>   	    *dst++ = c;
> ! 	} else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
>   	    len = pmatch[no].rm_eo - pmatch[no].rm_so;
>   	    strncpy(dst, source + pmatch[no].rm_so, len);
>   	    dst += len;
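Review bot: The test in the changed `else if` line duplicates the one in the length-counting hunk above, and the two must stay identical: the first pass adds the match length to len and this pass copies that many bytes to dst. If one of them is edited later without the other, the bytes copied will no longer match the bytes counted. Consider moving the test into a small macro or helper used by both passes. As a style point, strncpy with an exact length is really a memcpy here, and memcpy would state the intent more directly.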
> 
> 
> -- 
> ________________________________________________________________________
> Alexei Kosut <ak...@nueva.pvt.k12.ca.us>      The Apache HTTP Server
> URL: http://www.nueva.pvt.k12.ca.us/~akosut/   http://www.apache.org/
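The bounds rule described in the quoted message, as an added example that is not part of the original thread and is not Apache's pregsub(): the helper names expand_backrefs and demo, the pattern, and the input string are all constructed for illustration. With two capture groups regexec() fills slots 0..2, so nmatch is 3 and $3 must be skipped rather than read from pmatch[3].

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: expand $0-$9 and & in tmpl using pmatch[0..nmatch-1].
 * Returns the output length, or -1 if the result does not fit in out. */
static int expand_backrefs(char *out, size_t outsz, const char *tmpl,
                           const char *source, size_t nmatch,
                           const regmatch_t pmatch[])
{
    size_t used = 0;
    if (outsz == 0) return -1;
    for (const char *p = tmpl; *p; p++) {
        size_t no = 10;                      /* 10 means "not a backreference" */
        if (*p == '&')
            no = 0;
        else if (*p == '$' && p[1] >= '0' && p[1] <= '9')
            no = (size_t)(*++p - '0');
        if (no > 9) {                        /* literal, honouring \$ and \& */
            if (*p == '\\' && (p[1] == '$' || p[1] == '&'))
                p++;
            if (used + 1 >= outsz) return -1;
            out[used++] = *p;
        } else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
            /* no < nmatch: index nmatch itself is past the end of pmatch[] */
            size_t len = (size_t)(pmatch[no].rm_eo - pmatch[no].rm_so);
            if (used + len >= outsz) return -1;
            memcpy(out + used, source + pmatch[no].rm_so, len);
            used += len;
        }                                    /* out-of-range or empty: skipped */
    }
    out[used] = '\0';
    return (int)used;
}

/* Constructed input: two groups, so nmatch = 3 and $3 does not exist. */
static int demo(char *out, size_t outsz)
{
    const char *source = "user=alice";
    regex_t re;
    regmatch_t pmatch[3];
    if (regcomp(&re, "([a-z]+)=([a-z]+)", REG_EXTENDED) != 0)
        return -1;
    int rc = regexec(&re, source, 3, pmatch, 0);
    regfree(&re);
    if (rc != 0) return -1;
    return expand_backrefs(out, outsz, "$2:$1[$3]", source, 3, pmatch);
}

int main(void) { char b[32]; if (demo(b, sizeof b) < 0) return 1; puts(b); return 0; }
```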