projects / sxemacs / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2433e78)
Coverity: Out of bounds write: CID 21140
authorNelson Ferreira <nelson.ferreira@ieee.org>
Mon, 5 Mar 2012 23:04:10 +0000 (18:04 -0500)
committerNelson Ferreira <nelson.ferreira@ieee.org>
Mon, 5 Mar 2012 23:04:10 +0000 (18:04 -0500)
* src/search.c (boyer_moore): Make it explicit that the value will
always be within the range of the index. Previously it was a side
effect of the downcast to unsigned char, now its explicit.

Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
src/search.c patch | blob | history

diff --git a/src/search.c b/src/search.c
index 2c1e019..c1301a9 100644 (file)
--- a/src/search.c
+++ b/src/search.c
@@ -46,9 +46,11 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>. */
  (!NILP (table) ? TRT_TABLE_OF (table, (Emchar) pos) : pos)
 \f
 #include "elhash.h"
+/* Make sure these are ALWAYS powers of 2 */
 #define REGEXP_CACHE_SIZE 0x80
 #define REGEXP_CACHE_HASH_MASK (REGEXP_CACHE_SIZE-1)
 #define REGEXP_FASTMAP_SIZE 0400
+#define REGEXP_FASTMAP_MASK (REGEXP_FASTMAP_SIZE-1)
 
 #define __REGEXP_DEBUG__(args...)      fprintf(stderr, "REGEXP " args)
 #ifndef REGEXP_DEBUG_FLAG
@@ -1867,9 +1869,9 @@ boyer_moore(struct buffer *buf, Bufbyte * base_pat, Bytecount len,
                                this_translated = 0;
                        }
                        if (ch > REGEXP_FASTMAP_SIZE)
-                               j = ((unsigned char)ch | 0200);
+                               j = ((unsigned char)(ch & REGEXP_FASTMAP_SIZE)| 0200);
                        else
-                               j = (unsigned char)ch;
+                               j = (unsigned char)(ch & REGEXP_FASTMAP_SIZE);
 
                        if (i == infinity)
                                stride_for_teases = BM_tab[j];
@@ -1882,9 +1884,9 @@ boyer_moore(struct buffer *buf, Bufbyte * base_pat, Bytecount len,
                                while (1) {
                                        ch = TRANSLATE(inverse_trt, ch);
                                        if (ch > REGEXP_FASTMAP_SIZE)
-                                               j = ((unsigned char)ch | 0200);
+                                               j = ((unsigned char)(ch & REGEXP_FASTMAP_SIZE) | 0200);
                                        else
-                                               j = (unsigned char)ch;
+                                               j = (unsigned char)(ch & REGEXP_FASTMAP_SIZE);
 
                                        /* For all the characters that map into CH,
                                           set up simple_translate to map the last byte
SXEmacs