Merge "grep: fix ASan heap-buffer-overflow."
am: acf9cfbf80
Change-Id: Ifcf8b3cf89e3f8b6d703e2a73cac7b036d013318
This commit is contained in:
Elliott Hughes
android-build-merger
commit
2b0467de5d
1 changed files with 11 additions and 11 deletions
|
|
@ -63,7 +63,7 @@ static gzFile gzbufdesc;
|
||||||
static BZFILE* bzbufdesc;
|
static BZFILE* bzbufdesc;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static unsigned char buffer[MAXBUFSIZ];
|
static unsigned char buffer[MAXBUFSIZ + 1];
|
||||||
static unsigned char *bufpos;
|
static unsigned char *bufpos;
|
||||||
static size_t bufrem;
|
static size_t bufrem;
|
||||||
|
|
||||||
|
|
@ -128,7 +128,7 @@ grep_refill(struct file *f)
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int
|
static inline void
|
||||||
grep_lnbufgrow(size_t newlen)
|
grep_lnbufgrow(size_t newlen)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
@ -136,8 +136,6 @@ grep_lnbufgrow(size_t newlen)
|
||||||
lnbuf = grep_realloc(lnbuf, newlen);
|
lnbuf = grep_realloc(lnbuf, newlen);
|
||||||
lnbuflen = newlen;
|
lnbuflen = newlen;
|
||||||
}
|
}
|
||||||
|
|
||||||
return (0);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
char *
|
char *
|
||||||
|
|
@ -162,20 +160,22 @@ grep_fgetln(struct file *f, size_t *lenp)
|
||||||
/* Look for a newline in the remaining part of the buffer */
|
/* Look for a newline in the remaining part of the buffer */
|
||||||
if ((p = memchr(bufpos, line_sep, bufrem)) != NULL) {
|
if ((p = memchr(bufpos, line_sep, bufrem)) != NULL) {
|
||||||
++p; /* advance over newline */
|
++p; /* advance over newline */
|
||||||
ret = (char *)bufpos;
|
|
||||||
len = p - bufpos;
|
len = p - bufpos;
|
||||||
|
grep_lnbufgrow(len + 1);
|
||||||
|
memcpy(lnbuf, bufpos, len);
|
||||||
|
lnbuf[len] = '\0';
|
||||||
|
*lenp = len;
|
||||||
bufrem -= len;
|
bufrem -= len;
|
||||||
bufpos = p;
|
bufpos = p;
|
||||||
*lenp = len;
|
return ((char *)lnbuf);
|
||||||
return (ret);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We have to copy the current buffered data to the line buffer */
|
/* We have to copy the current buffered data to the line buffer */
|
||||||
for (len = bufrem, off = 0; ; len += bufrem) {
|
for (len = bufrem, off = 0; ; len += bufrem) {
|
||||||
/* Make sure there is room for more data */
|
/* Make sure there is room for more data */
|
||||||
if (grep_lnbufgrow(len + LNBUFBUMP))
|
grep_lnbufgrow(len + LNBUFBUMP);
|
||||||
goto error;
|
|
||||||
memcpy(lnbuf + off, bufpos, len - off);
|
memcpy(lnbuf + off, bufpos, len - off);
|
||||||
|
lnbuf[len] = '\0';
|
||||||
off = len;
|
off = len;
|
||||||
if (grep_refill(f) != 0)
|
if (grep_refill(f) != 0)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
@ -188,9 +188,9 @@ grep_fgetln(struct file *f, size_t *lenp)
|
||||||
++p;
|
++p;
|
||||||
diff = p - bufpos;
|
diff = p - bufpos;
|
||||||
len += diff;
|
len += diff;
|
||||||
if (grep_lnbufgrow(len))
|
grep_lnbufgrow(len + 1);
|
||||||
goto error;
|
|
||||||
memcpy(lnbuf + off, bufpos, diff);
|
memcpy(lnbuf + off, bufpos, diff);
|
||||||
|
lnbuf[off + diff] = '\0';
|
||||||
bufrem -= diff;
|
bufrem -= diff;
|
||||||
bufpos = p;
|
bufpos = p;
|
||||||
break;
|
break;
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue