more characters) causes negative indexing into pattern string.
{
register int c;
int cclcnt;
{
register int c;
int cclcnt;
- register char *ep, *dp, *sp, *lastep = 0;
+ register unsigned char *ep, *dp, *sp, *lastep = 0;
dp = (ep = n->n_expbuf) + sizeof n->n_expbuf;
sp = astr;
dp = (ep = n->n_expbuf) + sizeof n->n_expbuf;
sp = astr;
case '[':
*ep++ = CCL;
*ep++ = 0;
case '[':
*ep++ = CCL;
*ep++ = 0;
if ((c = *sp++) == '^') {
c = *sp++;
ep[-2] = NCCL;
if ((c = *sp++) == '^') {
c = *sp++;
ep[-2] = NCCL;
goto cerror;
}
} while ((c = *sp++) != ']');
goto cerror;
}
} while ((c = *sp++) != ']');
+ if (cclcnt > 255)
+ goto cerror;
lastep[1] = cclcnt;
continue;
lastep[1] = cclcnt;
continue;
static int
advance (char *alp, char *aep)
{
static int
advance (char *alp, char *aep)
{
- register char *lp, *ep, *curlp;
+ register unsigned char *lp, *ep, *curlp;
+ lp = (unsigned char *)alp;
+ ep = (unsigned char *)aep;
for (;;)
switch (*ep++) {
case CCHR:
for (;;)
switch (*ep++) {
case CCHR:
- if (*ep++ == *lp++ || ep[-1] == cc[(unsigned char)lp[-1]])
+ if (*ep++ == *lp++ || ep[-1] == cc[lp[-1]])
case CCL:
if (cclass (ep, *lp++, 1)) {
case CCL:
if (cclass (ep, *lp++, 1)) {
continue;
}
return 0;
case NCCL:
if (cclass (ep, *lp++, 0)) {
continue;
}
return 0;
case NCCL:
if (cclass (ep, *lp++, 0)) {
case CCHR | STAR:
curlp = lp;
case CCHR | STAR:
curlp = lp;
- while (*lp++ == *ep || cc[(unsigned char)lp[-1]] == *ep)
+ while (*lp++ == *ep || cc[lp[-1]] == *ep)
continue;
ep++;
goto star;
continue;
ep++;
goto star;
curlp = lp;
while (cclass (ep, *lp++, ep[-1] == (CCL | STAR)))
continue;
curlp = lp;
while (cclass (ep, *lp++, ep[-1] == (CCL | STAR)))
continue;
-cclass (char *aset, int ac, int af)
+cclass (unsigned char *aset, int ac, int af)
- register int n;
- register char c,
- *set;
+ register unsigned int n;
+ register unsigned char c, *set;
set = aset;
if ((c = ac) == 0)
return (0);
n = *set++;
set = aset;
if ((c = ac) == 0)
return (0);
n = *set++;
- while (--n)
- if (*set++ == c || set[-1] == cc[(unsigned char)c])
+ while (n--)
+ if (*set++ == c || set[-1] == cc[c])
return (af);
return (!af);
return (af);
return (!af);