misc/86038: glob(3) function GLOB_BRACE flaw

Gerd Rausch gerd at juniper.net
Mon Sep 12 15:40:46 PDT 2005


>Number:         86038
>Category:       misc
>Synopsis:       glob(3) function GLOB_BRACE flaw
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 12 22:40:22 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Gerd Rausch
>Release:        4.10, 4.11
>Organization:
Juniper Networks, Inc.
>Environment:
>Description:
The libc glob function had a bug when using
csh-style GLOB_BRACE: the part of the pattern preceding a square
bracket was skipped. This was caused by re-using "pl" inside an
inner loop, whereas "pl" was needed later on again.
I guess that bug remained undiscovered since many people don't use
GLOB_BRACE with libc's glob function; shells (csh, zsh, etc.) have
their own implementation.

>How-To-Repeat:
Compile & use: "{.[!.],..?,}*"

>Fix:
--- glob.c-     Wed Sep 18 07:13:31 2002
+++ glob.c      Mon Sep 12 15:29:11 2005
@@ -247,7 +247,7 @@
 {
        int     i;
        Char   *lm, *ls;
-       const Char *pe, *pm, *pl;
+       const Char *pe, *pm, *pl, *pl2;
        Char    patbuf[MAXPATHLEN];
 
        /* copy part up to the brace */
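Review bot: The new name pl2 in "const Char *pe, *pm, *pl, *pl2;" says nothing about its role, and the second hunk uses it only to remember where a "[" started. A descriptive name (for example one that mentions the bracket) or a short comment beside the declaration would make it harder for a later edit to conflate it with pl again.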
@@ -288,14 +288,14 @@
                switch (*pm) {
                case LBRACKET:
                        /* Ignore everything between [] */
-                       for (pl = pm++; *pm != RBRACKET && *pm != EOS; pm++)
+                       for (pl2 = pm++; *pm != RBRACKET && *pm != EOS; pm++)
                                continue;
                        if (*pm == EOS) {
                                /*
                                 * We could not find a matching RBRACKET.
                                 * Ignore and just look for RBRACE
                                 */
-                               pm = pl;
+                               pm = pl2;
                        }
                        break;
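Review bot: In the LBRACKET case the only comment at the for loop is still "Ignore everything between []", so nothing there records why the saved position must not be stored in pl. Add a comment stating that pl is still needed after this inner loop (as the description says), and add a regression test with the pattern from How-To-Repeat, "{.[!.],..?,}*", so that a reuse of pl at this point is caught.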

>Release-Note:
>Audit-Trail:
>Unformatted:
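A regression check for the How-To-Repeat pattern, as an added example that is not part of the original report or of the FreeBSD sources. The helper name brace_glob_mask, the scratch directory under /tmp and the three file names are assumptions constructed for the test.

```c
#define _DEFAULT_SOURCE 1 /* glibc: expose GLOB_BRACE and mkdtemp */
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Constructed sample names, one per brace alternative. */
static const char *const sample[] = { ".hidden", "..two", "plain" };
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Hypothetical helper: bit i is set when sample[i] was returned; -1 on setup error. */
int brace_glob_mask(void)
{
    char dir[] = "/tmp/globbraceXXXXXX", path[256];
    glob_t g;
    FILE *f;
    size_t i, j;
    int mask = 0;
    if (mkdtemp(dir) == NULL)
        return -1;
    for (i = 0; i < NSAMPLE; i++) {
        snprintf(path, sizeof(path), "%s/%s", dir, sample[i]);
        if ((f = fopen(path, "w")) == NULL)
            return -1;
        fclose(f);
    }
    /* The pattern from How-To-Repeat, anchored in the scratch directory. */
    snprintf(path, sizeof(path), "%s/{.[!.],..?,}*", dir);
    if (glob(path, GLOB_BRACE, NULL, &g) == 0) {
        for (j = 0; j < g.gl_pathc; j++) {
            const char *base = strrchr(g.gl_pathv[j], '/') + 1;
            for (i = 0; i < NSAMPLE; i++)
                if (strcmp(base, sample[i]) == 0)
                    mask |= 1 << i;
        }
        globfree(&g);
    }
    for (i = 0; i < NSAMPLE; i++) { /* remove the scratch files */
        snprintf(path, sizeof(path), "%s/%s", dir, sample[i]);
        unlink(path);
    }
    rmdir(dir);
    return mask;
}

int main(void)
{
    return brace_glob_mask() == 7 ? 0 : 1; /* exit 0 when all three match */
}
```

Bit 0 (.hidden) can only be set through the ".[!.]" alternative, so it is the bit that depends on the "." in front of the square bracket being kept.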

