shithub: libmujs

Info  •  Files  •  Log  •  Branches

Fix 697381: check allocation when compiling regular expressions.

Also use allocator callback function.

--- a/jsgc.c

+++ b/jsgc.c

@@ -46,7 +46,7 @@

 		jsG_freeproperty(J, obj->head);

 	if (obj->type == JS_CREGEXP) {

 		js_free(J, obj->u.r.source);

-		js_regfree(obj->u.r.prog);

+		js_regfreex(J->alloc, J->actx, obj->u.r.prog);

 	}

 	if (obj->type == JS_CITERATOR)

 		jsG_freeiterator(J, obj->u.iter.head);

--- a/jsregexp.c

+++ b/jsregexp.c

@@ -16,7 +16,7 @@

 	if (flags & JS_REGEXP_I) opts |= REG_ICASE;

 	if (flags & JS_REGEXP_M) opts |= REG_NEWLINE;

-	prog = js_regcomp(pattern, opts, &error);

+	prog = js_regcompx(J->alloc, J->actx, pattern, opts, &error);

 	if (!prog)

 		js_syntaxerror(J, "regular expression: %s", error);

--- a/jsstate.c

+++ b/jsstate.c

@@ -9,12 +9,6 @@

 static void *js_defaultalloc(void *actx, void *ptr, int size)

 {

-	if (size == 0) {

-		free(ptr);

-		return NULL;

-	}

-	if (!ptr)

-		return malloc((size_t)size);

 	return realloc(ptr, (size_t)size);

 }

--- a/regexp.c

+++ b/regexp.c

@@ -807,7 +807,8 @@

 }

 #endif

-Reprog *regcomp(const char *pattern, int cflags, const char **errorp)

+Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,

+	const char *pattern, int cflags, const char **errorp)

 {

 	struct cstate g;

 	Renode *node;

@@ -814,16 +815,23 @@

 	Reinst *split, *jump;

 	int i;

-	g.prog = malloc(sizeof (Reprog));

-	g.pstart = g.pend = malloc(sizeof (Renode) * strlen(pattern) * 2);

+	g.pstart = NULL;

+	g.prog = NULL;

 	if (setjmp(g.kaboom)) {

 		if (errorp) *errorp = g.error;

-		free(g.pstart);

-		free(g.prog);

+		alloc(ctx, g.pstart, 0);

+		alloc(ctx, g.prog, 0);

 		return NULL;

 	}

+	g.prog = alloc(ctx, NULL, sizeof (Reprog));

+	if (!g.prog)

+		die(&g, "cannot allocate regular expression");

+	g.pstart = g.pend = alloc(ctx, NULL, sizeof (Renode) * strlen(pattern) * 2);

+	if (!g.pstart)

+		die(&g, "cannot allocate regular expression parse list");

+

 	g.source = pattern;

 	g.ncclass = 0;

 	g.nsub = 1;

@@ -840,7 +848,9 @@

 		die(&g, "syntax error");

 	g.prog->nsub = g.nsub;

-	g.prog->start = g.prog->end = malloc((count(node) + 6) * sizeof (Reinst));

+	g.prog->start = g.prog->end = alloc(ctx, NULL, (count(node) + 6) * sizeof (Reinst));

+	if (!g.prog->start)

+		die(&g, "cannot allocate regular expression instruction list");

 	split = emit(g.prog, I_SPLIT);

 	split->x = split + 3;

@@ -859,18 +869,33 @@

 	dumpprog(g.prog);

 #endif

-	free(g.pstart);

+	alloc(ctx, g.pstart, 0);

 	if (errorp) *errorp = NULL;

 	return g.prog;

 }

-void regfree(Reprog *prog)

+void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx, Reprog *prog)

 {

 	if (prog) {

-		free(prog->start);

-		free(prog);

+		alloc(ctx, prog->start, 0);

+		alloc(ctx, prog, 0);

 	}

+}

+

+static void *default_alloc(void *ctx, void *p, int n)

+{

+	return realloc(p, (size_t)n);

+}

+

+Reprog *regcomp(const char *pattern, int cflags, const char **errorp)

+{

+	return regcompx(default_alloc, NULL, pattern, cflags, errorp);

+}

+

+void regfree(Reprog *prog)

+{

+	regfreex(default_alloc, NULL, prog);

 }

 /* Match */

--- a/regexp.h

+++ b/regexp.h

@@ -1,6 +1,8 @@

 #ifndef regexp_h

 #define regexp_h

+#define regcompx js_regcompx

+#define regfreex js_regfreex

 #define regcomp js_regcomp

 #define regexec js_regexec

 #define regfree js_regfree

@@ -7,6 +9,11 @@

 typedef struct Reprog Reprog;

 typedef struct Resub Resub;

+

+Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,

+	const char *pattern, int cflags, const char **errorp);

+void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx,

+	Reprog *prog);

 Reprog *regcomp(const char *pattern, int cflags, const char **errorp);

 int regexec(Reprog *prog, const char *string, Resub *sub, int eflags);