[glib] gregex: Fix a potential use-after-free bug



commit 88e977266b92516b15f384e3990d90af557e0574
Author: Philip Withnall <withnall endlessm com>
Date:   Wed Jan 11 17:14:18 2017 +0000

    gregex: Fix a potential use-after-free bug
    
    If the match_info out argument is NULL, info will be freed, but then its
    matches member will be accessed.
    
    Spotted by Leslie Zhai <xiangzhai83 gmail com>.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=777077

 glib/gregex.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)
---
diff --git a/glib/gregex.c b/glib/gregex.c
index bde1571..76a5104 100644
--- a/glib/gregex.c
+++ b/glib/gregex.c
@@ -1911,6 +1911,7 @@ g_regex_match_all_full (const GRegex      *regex,
   gboolean done;
   pcre *pcre_re;
   pcre_extra *extra;
+  gboolean retval;
 
   g_return_val_if_fail (regex != NULL, FALSE);
   g_return_val_if_fail (string != NULL, FALSE);
@@ -1984,13 +1985,14 @@ g_regex_match_all_full (const GRegex      *regex,
 
   /* set info->pos to -1 so that a call to g_match_info_next() fails. */
   info->pos = -1;
+  retval = info->matches >= 0;
 
   if (match_info != NULL)
     *match_info = info;
   else
     g_match_info_free (info);
 
-  return info->matches >= 0;
+  return retval;
 }
 
 /**
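Review bot: The new `retval = info->matches >= 0;` line has to stay ahead of the `g_match_info_free (info)` branch, but nothing in the hunk records that ordering requirement. A later cleanup could fold it back into the return statement and reintroduce the read of freed memory. A short comment above the assignment would pin it, e.g. `/* Read info->matches now: info is freed below when match_info is NULL. */`. The diffstat lists only glib/gregex.c, so the `match_info == NULL` path appears to get no regression test in this commit; a test calling the function with a NULL out argument, run under a memory checker, would catch a regression. The body of g_regex_match_all_full begins outside this hunk, so the allocation of `info` is not visible here.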

