looking at the netbsd regex source, it seems like all accesses to `bmp`
_do_ all have appropriate `< NC` range checks, but because wint_t is
signed, the checks are wrong for negative values.
i think you want something like this patch:
diff --git a/lib/libc/regex/regcomp.c b/lib/libc/regex/regcomp.c
index 47602b77f621..2312dbaa947c 100644
--- a/lib/libc/regex/regcomp.c
+++ b/lib/libc/regex/regcomp.c
@@ -1764,8 +1764,7 @@ CHadd(struct parse *p, cset *cs, wint_t ch)
_DIAGASSERT(p != NULL);
_DIAGASSERT(cs != NULL);
- assert(ch >= 0);
- if (ch < NC)
+ if ((unsigned)ch < NC)
cs->bmp[(unsigned)ch >> 3] |= 1 << (ch & 7);
else {
newwides = reallocarray(cs->wides, cs->nwides + 1,
@@ -1778,9 +1777,9 @@ CHadd(struct parse *p, cset *cs, wint_t ch)
cs->wides[cs->nwides++] = ch;
}
if (cs->icase) {
- if ((nch = towlower(ch)) < NC)
+ if ((unsigned)(nch = towlower(ch)) < NC)
cs->bmp[(unsigned)nch >> 3] |= 1 << (nch & 7);
- if ((nch = towupper(ch)) < NC)
+ if ((unsigned)(nch = towupper(ch)) < NC)
cs->bmp[(unsigned)nch >> 3] |= 1 << (nch & 7);
}
}
diff --git a/lib/libc/regex/regex2.h b/lib/libc/regex/regex2.h
index fbfff0daf0f8..ee37044defc9 100644
--- a/lib/libc/regex/regex2.h
+++ b/lib/libc/regex/regex2.h
@@ -135,8 +135,7 @@ CHIN1(cset *cs, wint_t ch)
{
unsigned int i;
- assert(ch >= 0);
- if (ch < NC)
+ if ((unsigned)ch < NC)
return (((cs->bmp[(unsigned)ch >> 3] & (1 << (ch & 7))) !=
0) ^
cs->invert);
for (i = 0; i < cs->nwides; i++) {
@@ -160,8 +159,7 @@ static __inline int
CHIN(cset *cs, wint_t ch)
{
- assert(ch >= 0);
- if (ch < NC)
+ if ((unsigned)ch < NC)
return (((cs->bmp[(unsigned)ch >> 3] & (1 << (ch & 7))) !=
0) ^
cs->invert);
else if (cs->icase)