From a810d718ac57e470f02a930168f5262d50edcf77 Mon Sep 17 00:00:00 2001
From: Paul Wankadia
Date: Tue, 27 Jun 2017 22:54:31 +1000
Subject: [PATCH] Improve the pointer-overflow bug fix.
Change-Id: I07434e2a0a594516e478e414bf5479c28bc4ed71
Reviewed-on: https://code-review.googlesource.com/14274
Reviewed-by: Paul Wankadia
---
 re2/nfa.cc | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/re2/nfa.cc b/re2/nfa.cc
index 341c32188..ac853f9a2 100644
--- a/re2/nfa.cc
+++ b/re2/nfa.cc
@@ -382,12 +382,12 @@ int NFA::Step(Threadq* runq, Threadq* nextq, int c, int flag, const char* p) {
 break;
 case kInstMatch: {
- // Avoid invoking undefined behavior (awkwardly...)
- // when p happens to be null.
- const char* pminus1 = reinterpret_cast(
- reinterpret_cast(p) - 1);
+ // Avoid invoking undefined behavior when p happens
+ // to be null - and p-1 would be meaningless anyway.
+ if (p == NULL)
+ break;
- if (endmatch_ && pminus1 != etext_)
+ if (endmatch_ && p-1 != etext_)
 break;
 if (longest_) {
@@ -395,16 +395,16 @@ int NFA::Step(Threadq* runq, Threadq* nextq, int c, int flag, const char* p) {
 // it is either farther to the left or at the same
 // point but longer than an existing match.
 if (!matched_ || t->capture[0] < match_[0] ||
- (t->capture[0] == match_[0] && pminus1 > match_[1])) {
+ (t->capture[0] == match_[0] && p-1 > match_[1])) {
 CopyCapture(match_, t->capture);
- match_[1] = pminus1;
+ match_[1] = p-1;
 matched_ = true;
 }
 } else {
 // Leftmost-biased mode: this match is by definition
 // better than what we've already found (see next line).
 CopyCapture(match_, t->capture);
- match_[1] = pminus1;
+ match_[1] = p-1;
 matched_ = true;
 // Cut off the threads that can only find matches
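Review bot: The new `if (p == NULL) break;` at the top of `case kInstMatch:` leaves the switch before `match_` and `matched_` are touched, so a thread that reaches a match instruction with a null `p` now records nothing, whereas the removed `pminus1` code fell through and recorded a match. Whether a null `p` can legitimately reach this case (for example an empty input whose data pointer is null) is not visible in the hunk, so that should be confirmed and pinned by a test; if it can, the match needs to be recorded rather than dropped, and the comment should say which outcome is intended. With the guard in place, `p-1` is spelled out four times across this hunk and the next one (`@@ -395,16 +395,16 @@`); a single `const char* const end = p - 1;` right after the null check would keep the end-of-match pointer in one place. `NFA::Step` begins and ends outside both hunks.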