Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Fwd: New Defects reported by Coverity Scan for zsh



On 18 Oct, Bart Schaefer wrote:
> > *** CID 1547827:  Null pointer dereferences  (FORWARD_NULL)
> > /Src/Modules/pcre.c: 370 in bin_pcre_match()
> > >>>     Passing null pointer "named" to "zpcre_get_substrings", which dereferences it.
>
> This is from Oliver's 51738 (PCRE's alternative DFA), I'm not going to
> interpret further.

The DFA matching doesn't support captures so I wouldn't expect it to
find any. However it counts them at compile time rather than when
matching so explicitly guarding against this condition probably is
needed.

Oliver

diff --git a/Src/Modules/pcre.c b/Src/Modules/pcre.c
index 96f3c6e65..f5cda6d38 100644
--- a/Src/Modules/pcre.c
+++ b/Src/Modules/pcre.c
@@ -187,7 +187,8 @@ zpcre_get_substrings(pcre2_code *pat, char *arg, pcre2_match_data *mdata,
 	    setaparam(substravar, matches);
 	}
 
-	if (!pcre2_pattern_info(pat, PCRE2_INFO_NAMECOUNT, &ncount) && ncount
+	if (namedassoc
+		&& !pcre2_pattern_info(pat, PCRE2_INFO_NAMECOUNT, &ncount) && ncount
 		&& !pcre2_pattern_info(pat, PCRE2_INFO_NAMEENTRYSIZE, &nsize)
 		&& !pcre2_pattern_info(pat, PCRE2_INFO_NAMETABLE, &ntable))
 	{
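Review bot: the new `namedassoc` test at the head of the condition has no comment saying why the pointer can legitimately be NULL at this point, so a later cleanup could take it for redundant and remove it. A one-line comment above the `if` would cover it, along the lines of the explanation in the message: the DFA matching path passes no named-capture target, while the name count comes from the compiled pattern rather than from the match. Two things to confirm that the hunk alone does not show: that `namedassoc` is the parameter receiving the `named` argument Coverity flagged at pcre.c:370, and that nothing after this block reads `ncount`, since with the pointer test first `pcre2_pattern_info(pat, PCRE2_INFO_NAMECOUNT, &ncount)` is no longer called when `namedassoc` is NULL.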



