ref: 0048c96e94c732c6fb2ebe50eeb3450c1672fe0f
parent: 75c017ca09a70e14a862f7285cf91bb87ec1f443
author: Todd C. Miller <Todd.Miller@sudo.ws>
date: Thu Sep 21 07:20:16 EDT 2023
Use cclenter("") to construct an empty CCL, not tostring("").
We need to store a UTF-32 string, not a UTF-8 string, for consistency
with the other CCL code. Fixes an out-of-bounds read of an empty
CCL.
--- a/b.c
+++ b/b.c
@@ -945,7 +945,7 @@
rtok = relex();
if (rtok == ')') { /* special pleading for () */
rtok = relex();
- return unary(op2(CCL, NIL, (Node *) tostring("")));
+ return unary(op2(CCL, NIL, (Node *) cclenter("")));
}
np = regexp();
if (rtok == ')') {
@@ -968,7 +968,7 @@
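Review bot: The new `cclenter("")` call on the `+` line carries no hint of why `tostring("")` was wrong here, so the only record of the UTF-32 requirement is the commit message and a later edit could reintroduce the out-of-bounds read by "simplifying" back to `tostring`. A one-line comment at this site (and the identical one in the second hunk at -968) would pin it: `/* empty CCL must be stored UTF-32 via cclenter(), not UTF-8 via tostring(); CCL readers index it as UTF-32 */`. Since both hunks build the same `op2(CCL, NIL, (Node *) cclenter(""))` node, a small static helper would keep the representation in one place, but that is a matter of style. It is worth confirming that no other CCL node in this file is still built from `tostring()`, as only these two sites are visible here. The enclosing function starts before and ends after the hunk.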
return (concat(op2(CAT, np, primary())));
case EMPTYRE:
rtok = relex();
- return (concat(op2(CAT, op2(CCL, NIL, (Node *) tostring("")),
+ return (concat(op2(CAT, op2(CCL, NIL, (Node *) cclenter("")),
primary())));
}
return (np);
--
⑨