fix warnings reported by Coverity

regcomp.c:126 fixed_size_dest: You might overrun the 100 byte fixed-size string buf by copying s without checking the length
regerror.c:11 fixed_size_dest: You might overrun the 132 byte fixed-size string buf by copying s without checking the length
regexec:174 leaked_storage: Variable relist0 going out of scope leaks the storage it points to

diff --git a/regcomp.c b/regcomp.c
index 5b01d950413826d92364cb5746258eb9fb7c0528..195d6813b179c08514c063d24885e9ced035d2ce 100644 (file)
--- a/regcomp.c
+++ b/regcomp.c
@@ -124,7 +124,7 @@ cant(char *s)
 {
        char buf[100];
        strncpy(buf, "can't happen: ", sizeof(buf));
-       strcat(buf, s);
+       strncat(buf, s, sizeof(buf)-1);
        rcerror(buf);
 }
 

diff --git a/regerror.c b/regerror.c
index c2e1826ba6c04821289aa0a3399ab8ea50a0376b..e63f0842769eae9f31f1765ad2f1d99435176112 100644 (file)
--- a/regerror.c
+++ b/regerror.c
@@ -9,8 +9,8 @@ regerror(char *s)
        char buf[132];
 
        strncpy(buf, "regerror: ", sizeof(buf));
-       strcat(buf, s);
-       strcat(buf, "\n");
+       strncat(buf, s, sizeof(buf)-1);
+       strncat(buf, "\n", sizeof(buf)-1);
        write(2, buf, strlen(buf));
        exit(1);
 }

diff --git a/regexec.c b/regexec.c
index e2dadb813e8dde3c8a3e862157591fefee1cbd08..b0f9c86e5d8af7679f0e72484bf62dff17e16479 100644 (file)
--- a/regexec.c
+++ b/regexec.c
@@ -171,7 +171,7 @@ regexec2(Reprog *progp,     /* program to run */
                return -1;
        relist1 = malloc(BIGLISTSIZE*sizeof(Relist));
        if(relist1 == NULL){
-               free(relist1);
+               free(relist0);
                return -1;
        }
        j->relist[0] = relist0;