From 28b64380c436c42e0002fa56c0a0a6f999ca1a71 Mon Sep 17 00:00:00 2001
From: Nelson Ferreira
Date: Mon, 5 Mar 2012 18:04:10 -0500
Subject: [PATCH] Coverity: Out of bounds write: CID 21140

* src/search.c (boyer_moore): Make it explicit that the value will always be within the range of the index. Previously it was a side effect of the downcast to unsigned char, now its explicit.

Signed-off-by: Nelson Ferreira
---
 src/search.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/search.c b/src/search.c
index 2c1e019..c1301a9 100644
--- a/src/search.c
+++ b/src/search.c
@@ -46,9 +46,11 @@ along with this program. If not, see . */
 (!NILP (table) ? TRT_TABLE_OF (table, (Emchar) pos) : pos)
 #include "elhash.h"
+/* Make sure these are ALWAYS powers of 2 */
 #define REGEXP_CACHE_SIZE 0x80
 #define REGEXP_CACHE_HASH_MASK (REGEXP_CACHE_SIZE-1)
 #define REGEXP_FASTMAP_SIZE 0400
+#define REGEXP_FASTMAP_MASK (REGEXP_FASTMAP_SIZE-1)
 #define __REGEXP_DEBUG__(args...) fprintf(stderr, "REGEXP " args)
 #ifndef REGEXP_DEBUG_FLAG
@@ -1867,9 +1869,9 @@ boyer_moore(struct buffer *buf, Bufbyte * base_pat, Bytecount len,
 this_translated = 0;
 }
 if (ch > REGEXP_FASTMAP_SIZE)
- j = ((unsigned char)ch | 0200);
+ j = ((unsigned char)(ch & REGEXP_FASTMAP_SIZE)| 0200);
 else
- j = (unsigned char)ch;
+ j = (unsigned char)(ch & REGEXP_FASTMAP_SIZE);
 if (i == infinity)
 stride_for_teases = BM_tab[j];
@@ -1882,9 +1884,9 @@ boyer_moore(struct buffer *buf, Bufbyte * base_pat, Bytecount len,
 while (1) {
 ch = TRANSLATE(inverse_trt, ch);
 if (ch > REGEXP_FASTMAP_SIZE)
- j = ((unsigned char)ch | 0200);
+ j = ((unsigned char)(ch & REGEXP_FASTMAP_SIZE) | 0200);
 else
- j = (unsigned char)ch;
+ j = (unsigned char)(ch & REGEXP_FASTMAP_SIZE);
 /* For all the characters that map into CH, set up simple_translate to map the last byte
-- 
2.25.1
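Review bot: The power-of-two requirement stated in the new comment above `REGEXP_CACHE_SIZE` (first hunk) is not enforced anywhere, although `REGEXP_CACHE_HASH_MASK` and the new `REGEXP_FASTMAP_MASK` are only valid bit masks while it holds. A preprocessor check placed after the defines would turn a later bad edit of either size into a build failure instead of a silently wrong index: `#if (REGEXP_CACHE_SIZE & REGEXP_CACHE_HASH_MASK) || (REGEXP_FASTMAP_SIZE & REGEXP_FASTMAP_MASK)`, `#error "regexp cache and fastmap sizes must be powers of 2"`, `#endif`. The comment itself could also name the two masks that depend on the rule, so the reason for it is visible at the definition.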
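Review bot: In the second hunk (boyer_moore, `@@ -1867,9 +1869,9 @@`) both rewritten assignments mask with `REGEXP_FASTMAP_SIZE` instead of the `REGEXP_FASTMAP_MASK` that this patch introduces, and the third hunk (`@@ -1882,9 +1884,9 @@`) repeats the same two lines. `REGEXP_FASTMAP_SIZE` is 0400, so `ch & REGEXP_FASTMAP_SIZE` keeps only bit 8 and the cast to unsigned char then always yields 0; `j` can only be 0 or 0200, which stays in range but makes every character share two table slots, so the search tables presumably no longer distinguish characters. The assignments should read `j = ((unsigned char)(ch & REGEXP_FASTMAP_MASK) | 0200);` and `j = (unsigned char)(ch & REGEXP_FASTMAP_MASK);` in both hunks. boyer_moore begins and ends outside the hunks, so the declared type of `j` and the size of `BM_tab` are not visible here and should be checked against the Coverity finding.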