signed char bug in regexp library

Tim Kientzle kientzle at acm.org
Tue Feb 17 10:37:57 PST 2004


Mikulas Patocka wrote:
> Hi
> 
> I ripped regexp library from FreeBSD 4 and use it in another program. I
> get random crashes because the library casts char to int and uses it as
> array index ... the most obvious case is engine.i:189:
> register char *dp;
> dp += charjump[(int)*dp];
> but there are many more and I'm unable to spot them all.

This problem was fixed in 2000 by offsetting the array
so that accesses such as the above work correctly.
A key part of the fix is this line in regcomp.c:

         g->charjump = &g->charjump[-(CHAR_MIN)];

Here's the log entry:

----------------------------
revision 1.20
date: 2000/07/07 07:46:36;  author: dcs;  state: Exp;  lines: +6 -4
Deal with the signed/unsigned chars issue in a more proper manner. We
use a CHAR_MIN-based array, like elsewhere in the code.

Remove a number of unused variables (some due to the above change, one
that was left after a number of optimizing steps through the source).

Brucified by: bde
----------------------------
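
The CHAR_MIN-based table described in this message, as an added example that is not part of the original post or the FreeBSD source: the table pointer is shifted so that `(int)c` is a valid index for every `char` value, and the unsigned-char cast is shown beside it as the alternative. The `struct jump_table`, the `jt_*` helpers, `naive_index` and `uchar_index` are hypothetical names, and the sample byte is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define NCHARS (UCHAR_MAX + 1)          /* one slot per possible char value */

/* Hypothetical stand-in for the regex structure: just the jump table. */
struct jump_table {
    int *storage;    /* pointer returned by malloc, kept for free() */
    int *charjump;   /* storage shifted so CHAR_MIN..CHAR_MAX are valid indices */
};

/* The index (int)*dp produces; negative for bytes >= 0x80 when char is signed.
 * Only returned here, never used on an unshifted array. */
int naive_index(char c) { return (int)c; }

/* Alternative fix: index a plain 0-based table through unsigned char. */
size_t uchar_index(char c) { return (size_t)(unsigned char)c; }

/* Slot of storage[] that charjump[(int)c] refers to after the shift. */
size_t jt_slot(char c) { return (size_t)((int)c - CHAR_MIN); }

int jt_init(struct jump_table *jt, int default_jump)
{
    jt->storage = malloc(NCHARS * sizeof *jt->storage);
    if (jt->storage == NULL)
        return -1;
    /* Same shape as the regcomp.c line: element CHAR_MIN is storage[0]. */
    jt->charjump = &jt->storage[-(CHAR_MIN)];
    for (int ch = CHAR_MIN; ch <= CHAR_MAX; ch++)
        jt->charjump[ch] = default_jump;
    return 0;
}

void jt_set(struct jump_table *jt, char c, int jump) { jt->charjump[(int)c] = jump; }
int  jt_get(const struct jump_table *jt, char c)     { return jt->charjump[(int)c]; }
void jt_free(struct jump_table *jt) { free(jt->storage); jt->storage = jt->charjump = NULL; }

int main(void)
{
    const char *sample = "\xE9";         /* constructed input: one high-bit byte */
    struct jump_table jt;
    if (jt_init(&jt, 7) != 0)
        return 1;
    jt_set(&jt, sample[0], 3);
    printf("naive index %d, shifted slot %zu, jump %d\n",
           naive_index(sample[0]), jt_slot(sample[0]), jt_get(&jt, sample[0]));
    jt_free(&jt);
    return 0;
}
```

Code that copies the table out of the library has to keep the shifted pointer and the unshifted allocation together; indexing the raw allocation with `(int)*dp` brings back the out-of-bounds read.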


