avatar
mikhailnov has added 9dc762cbb7
Fix next_brace_sub() to return NULL if braces don't match.

Port of https://github.com/rpm-software-management/rpm/commit/1af568ac883fe06e932a7fc8f8035eb04e621907 from RPM4

"Our implementation of glob() is copied from glibc (2.1 probably) which
has buggy implementation of next_brace_sub(). It is fixed in the newer
version of glibc. Now next_brace_sub() is modified according to newer
(fixed) version of glic. We didn't reveal this bug sooner because brace
expansion was disabled in rpm but we enabled brace expansion in
commit d14ecfe587efbe80e5534161dbd3a4f7158b4e2b."
(not enabled in RPM5)

... ... --- a/rpmio/glob.c
... ... +++ b/rpmio/glob.c
... ... @@ -130,36 +130,15 @@ next_brace_sub (const char *begin)
130 130
  unsigned int depth = 0;
131 131
  const char *cp = begin;
132 132
133
  while (1)
134
    {
135
      if (depth == 0)
136
	{
137
	  if (*cp != ',' && *cp != '}' && *cp != '\0')
138
	    {
139
	      if (*cp == '{')
140
		++depth;
141
	      ++cp;
142
	      continue;
143
	    }
144
	}
145
      else
146
	{
147
	  while (*cp != '\0' && (*cp != '}' || depth > 0))
148
	    {
149
	      if (*cp == '}')
150
		--depth;
151
	      ++cp;
152
	    }
153
	  if (*cp == '\0')
154
	    /* An incorrectly terminated brace expression.  */
155
	    return NULL;
133
  while (*cp != '\0') {
134
	if ((*cp == '}' && depth-- == 0) || (*cp == ',' && depth == 0))
135
	  break;
156 136
157
	  continue;
158
	}
159
      break;
137
	if (*cp++ == '{')
138
	  depth++;
160 139
    }
161 140
162
  return cp;
141
  return *cp != '
163 142
}
164 143
165 144
static int __glob_pattern_p (const char *pattern, int quote);

Comments