Improve the pointer-overflow bug fix.

Change-Id: I07434e2a0a594516e478e414bf5479c28bc4ed71 Reviewed-on: https://code-review.googlesource.com/14274 Reviewed-by: Paul Wankadia <[email protected]>
google · Jun 27, 2017 · a810d71 · a810d71
1 parent b09f2b1
commit a810d71
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/re2/nfa.cc b/re2/nfa.cc
@@ -382,29 +382,29 @@ int NFA::Step(Threadq* runq, Threadq* nextq, int c, int flag, const char* p) {
         break;
 
       case kInstMatch: {
-        // Avoid invoking undefined behavior (awkwardly...)
-        // when p happens to be null.
-        const char* pminus1 = reinterpret_cast<const char*>(
-            reinterpret_cast<intptr_t>(p) - 1);
+        // Avoid invoking undefined behavior when p happens
+        // to be null - and p-1 would be meaningless anyway.
+        if (p == NULL)
+          break;
 
-        if (endmatch_ && pminus1 != etext_)
+        if (endmatch_ && p-1 != etext_)
           break;
 
         if (longest_) {
           // Leftmost-longest mode: save this match only if
           // it is either farther to the left or at the same
           // point but longer than an existing match.
           if (!matched_ || t->capture[0] < match_[0] ||
-              (t->capture[0] == match_[0] && pminus1 > match_[1])) {
+              (t->capture[0] == match_[0] && p-1 > match_[1])) {
             CopyCapture(match_, t->capture);
-            match_[1] = pminus1;
+            match_[1] = p-1;
             matched_ = true;
           }
         } else {
           // Leftmost-biased mode: this match is by definition
           // better than what we've already found (see next line).
           CopyCapture(match_, t->capture);
-          match_[1] = pminus1;
+          match_[1] = p-1;
           matched_ = true;
 
           // Cut off the threads that can only find matches