fix regcomp handling of backslash followed by high byte

the regex parser handles the (undefined) case of an unexpected byte following a backslash as a literal. however, instead of correctly decoding a character, it was treating the byte value itself as a character. this was not only semantically unjustified, but turned out to be dangerous on archs where plain char is signed: bytes in the range 252-255 alias the internal codes -4 through -1 used for special types of literal nodes in the AST. analogous to commit 39dfd58417 in mainline. it's unclear whether the same crash that affected mainline is possible in the older regcomp code in 1.0.x, but conceptually the bug is the same.
2024-11-23 18:14:19 +08:00 · 2015-03-30 02:13:59 -04:00 · 2015-03-30 02:13:59 -04:00 · ee6f8114df
commit ee6f8114df
parent 7987653d57
1 changed files with 1 additions and 4 deletions
--- a/src/regex/regcomp.c
+++ b/src/regex/regcomp.c
@ -1298,10 +1298,7 @@ tre_parse(tre_parse_ctx_t *ctx)
 		  else
 		    {
 		      /* Escaped character. */
-		      result = tre_ast_new_literal(ctx->mem, *ctx->re, *ctx->re,
-						   ctx->position);
-		      ctx->position++;
-		      ctx->re++;
+		      goto parse_literal;
 		    }
 		  break;
 		}