[PATCH 1/4] regex: avoid copying of uninitialized storage

[PATCH 1/4] regex: avoid copying of uninitialized storage

[Paul Eggert]

* config/srclist.txt: Comment out regcomp.c temporarily.
* lib/regcomp.c (build_charclass_op, create_tree) [! (GCC_LINT||lint)]:
Initialize even when not checking for lint, as the behavior is
arguably undefined otherwise and Coverity warns about it.
---
 ChangeLog          |  8 ++++++++
 config/srclist.txt |  2 +-
 lib/regcomp.c      | 13 ++-----------
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0fbb2d439..8251b8396 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2019-10-09  Paul Eggert  <eggert@cs.ucla.edu>
+
+	regex: avoid copying of uninitialized storage
+	* config/srclist.txt: Comment out regcomp.c temporarily.
+	* lib/regcomp.c (build_charclass_op, create_tree) [! (GCC_LINT||lint)]:
+	Initialize even when not checking for lint, as the behavior is
+	arguably undefined otherwise and Coverity warns about it.
+
 2019-10-06  Bruno Haible  <bruno@clisp.org>
 
 	access tests: Fix test failure when run as root.
diff --git a/config/srclist.txt b/config/srclist.txt
index 4a3a5a7af..bceaee863 100644
--- a/config/srclist.txt
+++ b/config/srclist.txt
@@ -52,7 +52,7 @@ $LIBCSRC malloc/scratch_buffer_grow_preserve.c	lib/malloc
 $LIBCSRC malloc/scratch_buffer_set_array_size.c	lib/malloc
 # Temporarily newer in Gnulib than in glibc.
 #$LIBCSRC include/intprops.h             lib
-$LIBCSRC posix/regcomp.c		lib
+#$LIBCSRC posix/regcomp.c		lib
 $LIBCSRC posix/regex.c			lib
 $LIBCSRC posix/regex.h			lib
 $LIBCSRC posix/regex_internal.c		lib
diff --git a/lib/regcomp.c b/lib/regcomp.c
index 7525355a9..c1f7f2b2a 100644
--- a/lib/regcomp.c
+++ b/lib/regcomp.c
@@ -3662,7 +3662,6 @@ build_charclass_op (re_dfa_t *dfa, RE_TRANSLATE_TYPE trans,
   Idx alloc = 0;
 #endif /* not RE_ENABLE_I18N */
   reg_errcode_t ret;
-  re_token_t br_token;
   bin_tree_t *tree;
 
   sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
@@ -3713,11 +3712,7 @@ build_charclass_op (re_dfa_t *dfa, RE_TRANSLATE_TYPE trans,
 #endif
 
   /* Build a tree for simple bracket.  */
-#if defined GCC_LINT || defined lint
-  memset (&br_token, 0, sizeof br_token);
-#endif
-  br_token.type = SIMPLE_BRACKET;
-  br_token.opr.sbcset = sbcset;
+  re_token_t br_token = { .type = SIMPLE_BRACKET, .opr.sbcset = sbcset };
   tree = create_token_tree (dfa, NULL, NULL, &br_token);
   if (__glibc_unlikely (tree == NULL))
     goto build_word_op_espace;
@@ -3808,11 +3803,7 @@ static bin_tree_t *
 create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right,
 	     re_token_type_t type)
 {
-  re_token_t t;
-#if defined GCC_LINT || defined lint
-  memset (&t, 0, sizeof t);
-#endif
-  t.type = type;
+  re_token_t t = { .type = type };
   return create_token_tree (dfa, left, right, &t);
 }
 
-- 
2.21.0

[PATCH 2/4] regex: simplify by assuming C99

[Paul Eggert]

* config/srclist.txt: Comment out regex_internal.h and regexec.c
temporarily.
* lib/regex_internal.h (lock_define, re_match_context_t):
Simplify by assuming C99 macros and const.
* lib/regexec.c (re_search_internal): Simplify by assuming C99
initializers.  Remove unnecessary assignment, as mctx is now
safely initialized earlier.
---
 ChangeLog            |  9 +++++++++
 config/srclist.txt   |  4 ++--
 lib/regex_internal.h | 21 +--------------------
 lib/regexec.c        | 11 -----------
 4 files changed, 12 insertions(+), 33 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8251b8396..4f96c8cbf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2019-10-09  Paul Eggert  <eggert@cs.ucla.edu>
 
+	regex: simplify by assuming C99
+	* config/srclist.txt: Comment out regex_internal.h and regexec.c
+	temporarily.
+	* lib/regex_internal.h (lock_define, re_match_context_t):
+	Simplify by assuming C99 macros and const.
+	* lib/regexec.c (re_search_internal): Simplify by assuming C99
+	initializers.  Remove unnecessary assignment, as mctx is now
+	safely initialized earlier.
+
 	regex: avoid copying of uninitialized storage
 	* config/srclist.txt: Comment out regcomp.c temporarily.
 	* lib/regcomp.c (build_charclass_op, create_tree) [! (GCC_LINT||lint)]:
diff --git a/config/srclist.txt b/config/srclist.txt
index bceaee863..c53fb90a8 100644
--- a/config/srclist.txt
+++ b/config/srclist.txt
@@ -56,8 +56,8 @@ $LIBCSRC malloc/scratch_buffer_set_array_size.c	lib/malloc
 $LIBCSRC posix/regex.c			lib
 $LIBCSRC posix/regex.h			lib
 $LIBCSRC posix/regex_internal.c		lib
-$LIBCSRC posix/regex_internal.h		lib
-$LIBCSRC posix/regexec.c		lib
+#$LIBCSRC posix/regex_internal.h	lib
+#$LIBCSRC posix/regexec.c		lib
 $LIBCSRC time/timegm.c			lib
 $LIBCSRC time/mktime.c			lib
 $LIBCSRC time/mktime-internal.h		lib
diff --git a/lib/regex_internal.h b/lib/regex_internal.h
index 5462419b7..9c0e1f1d1 100644
--- a/lib/regex_internal.h
+++ b/lib/regex_internal.h
@@ -44,22 +44,7 @@
 # define lock_unlock(lock) __libc_lock_unlock (lock)
 #elif defined GNULIB_LOCK && !defined USE_UNLOCKED_IO
 # include "glthread/lock.h"
-  /* Use gl_lock_define if empty macro arguments are known to work.
-     Otherwise, fall back on less-portable substitutes.  */
-# if ((defined __GNUC__ && !defined __STRICT_ANSI__) \
-      || (defined __STDC_VERSION__ && 199901L <= __STDC_VERSION__))
-#  define lock_define(name) gl_lock_define (, name)
-# elif USE_POSIX_THREADS
-#  define lock_define(name) pthread_mutex_t name;
-# elif USE_PTH_THREADS
-#  define lock_define(name) pth_mutex_t name;
-# elif USE_SOLARIS_THREADS
-#  define lock_define(name) mutex_t name;
-# elif USE_WINDOWS_THREADS
-#  define lock_define(name) gl_lock_t name;
-# else
-#  define lock_define(name)
-# endif
+# define lock_define(name) gl_lock_define (, name)
 # define lock_init(lock) glthread_lock_init (&(lock))
 # define lock_fini(lock) glthread_lock_destroy (&(lock))
 # define lock_lock(lock) glthread_lock_lock (&(lock))
@@ -618,11 +603,7 @@ typedef struct
 {
   /* The string object corresponding to the input string.  */
   re_string_t input;
-#if defined _LIBC || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L)
   const re_dfa_t *const dfa;
-#else
-  const re_dfa_t *dfa;
-#endif
   /* EFLAGS of the argument of regexec.  */
   int eflags;
   /* Where the matching ends.  */
diff --git a/lib/regexec.c b/lib/regexec.c
index 4ff30a79c..f7d2b5b20 100644
--- a/lib/regexec.c
+++ b/lib/regexec.c
@@ -597,21 +597,12 @@ re_search_internal (const regex_t *preg, const char *string, Idx length,
   Idx extra_nmatch;
   bool sb;
   int ch;
-#if defined _LIBC || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L)
   re_match_context_t mctx = { .dfa = dfa };
-#else
-  re_match_context_t mctx;
-#endif
   char *fastmap = ((preg->fastmap != NULL && preg->fastmap_accurate
 		    && start != last_start && !preg->can_be_null)
 		   ? preg->fastmap : NULL);
   RE_TRANSLATE_TYPE t = preg->translate;
 
-#if !(defined _LIBC || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
-  memset (&mctx, '\0', sizeof (re_match_context_t));
-  mctx.dfa = dfa;
-#endif
-
   extra_nmatch = (nmatch > preg->re_nsub) ? nmatch - (preg->re_nsub + 1) : 0;
   nmatch -= extra_nmatch;
 
@@ -677,8 +668,6 @@ re_search_internal (const regex_t *preg, const char *string, Idx length,
 	  goto free_return;
 	}
     }
-  else
-    mctx.state_log = NULL;
 
   match_first = start;
   mctx.input.tip_context = (eflags & REG_NOTBOL) ? CONTEXT_BEGBUF
-- 
2.21.0

[PATCH 3/4] regex: tell compiler there’s at most 256 arcs out

[Paul Eggert]

Partly this is to help the reader (and maybe help GCC);
partly this is to pacify Coverity.
* lib/regex_internal.h: Include verify.h.
* lib/regexec.c (group_nodes_into_DFAstates):
Tell the compiler that ndests cannot exceed SBC_MAX.
* modules/regex (Depends-on): Add ‘verify’.
---
 ChangeLog            | 8 ++++++++
 lib/regex_internal.h | 1 +
 lib/regexec.c        | 1 +
 modules/regex        | 1 +
 4 files changed, 11 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 4f96c8cbf..360973ba4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2019-10-09  Paul Eggert  <eggert@cs.ucla.edu>
 
+	regex: tell compiler there’s at most 256 arcs out
+	Partly this is to help the reader (and maybe help GCC);
+	partly this is to pacify Coverity.
+	* lib/regex_internal.h: Include verify.h.
+	* lib/regexec.c (group_nodes_into_DFAstates):
+	Tell the compiler that ndests cannot exceed SBC_MAX.
+	* modules/regex (Depends-on): Add ‘verify’.
+
 	regex: simplify by assuming C99
 	* config/srclist.txt: Comment out regex_internal.h and regexec.c
 	temporarily.
diff --git a/lib/regex_internal.h b/lib/regex_internal.h
index 9c0e1f1d1..b6eeba32d 100644
--- a/lib/regex_internal.h
+++ b/lib/regex_internal.h
@@ -34,6 +34,7 @@
 #include <stdint.h>
 
 #include <intprops.h>
+#include <verify.h>
 
 #ifdef _LIBC
 # include <libc-lock.h>
diff --git a/lib/regexec.c b/lib/regexec.c
index f7d2b5b20..0d32e0139 100644
--- a/lib/regexec.c
+++ b/lib/regexec.c
@@ -3684,6 +3684,7 @@ group_nodes_into_DFAstates (const re_dfa_t *dfa, const re_dfastate_t *state,
 	  bitset_empty (accepts);
 	}
     }
+  assume (ndests <= SBC_MAX);
   return ndests;
  error_return:
   for (j = 0; j < ndests; ++j)
diff --git a/modules/regex b/modules/regex
index 7f50916ce..dbfd37982 100644
--- a/modules/regex
+++ b/modules/regex
@@ -30,6 +30,7 @@ mbsinit         [test $ac_use_included_regex = yes]
 nl_langinfo     [test $ac_use_included_regex = yes]
 stdbool         [test $ac_use_included_regex = yes]
 stdint          [test $ac_use_included_regex = yes]
+verify          [test $ac_use_included_regex = yes]
 wchar           [test $ac_use_included_regex = yes]
 wcrtomb         [test $ac_use_included_regex = yes]
 wctype-h        [test $ac_use_included_regex = yes]
-- 
2.21.0

[PATCH 4/4] regex: omit debug assignment when not debugging

[Paul Eggert]

* lib/regexec.c (re_search_internal) [!DEBUG]:
Remove unnecessary assignment to pacify Coverity.
---
 ChangeLog     | 4 ++++
 lib/regexec.c | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 360973ba4..e9e337666 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2019-10-09  Paul Eggert  <eggert@cs.ucla.edu>
 
+	regex: omit debug assignment when not debugging
+	* lib/regexec.c (re_search_internal) [!DEBUG]:
+	Remove unnecessary assignment.
+
 	regex: tell compiler there’s at most 256 arcs out
 	Partly this is to help the reader (and maybe help GCC);
 	partly this is to pacify Coverity.
diff --git a/lib/regexec.c b/lib/regexec.c
index 0d32e0139..809f89e26 100644
--- a/lib/regexec.c
+++ b/lib/regexec.c
@@ -817,7 +817,9 @@ re_search_internal (const regex_t *preg, const char *string, Idx length,
 		    break;
 		  if (__glibc_unlikely (err != REG_NOMATCH))
 		    goto free_return;
+#ifdef DEBUG
 		  match_last = -1;
+#endif
 		}
 	      else
 		break; /* We found a match.  */
-- 
2.21.0

Re: [PATCH 2/4] regex: simplify by assuming C99

[Bruno Haible]

Paul Eggert wrote:
> Simplify by assuming C99 macros and const.
> * lib/regexec.c (re_search_internal): Simplify by assuming C99
> initializers.

I confirm that it builds fine, even with weird compilers such as
HP-UX cc and MSVC 14.

Bruno