This bug was found with Codex; the fix has been applied in my github.com/pmetzger/zimh fork, but I'm reporting the fix upstream as a courtesy.
sim_exp_check() stale capture-group cleanup bug
The bug was in sim_exp_check(), in the regular-expression match path
that exports _EXPECT_MATCH_GROUP_n environment variables.
Symptom
After one regex match with more capture groups, a later regex match with
fewer groups could leave stale _EXPECT_MATCH_GROUP_n values behind from
the earlier match.
Example:
- A first match exports:
_EXPECT_MATCH_GROUP_0=ab42
_EXPECT_MATCH_GROUP_1=4
_EXPECT_MATCH_GROUP_2=2
- A later match with only one subgroup exports:
_EXPECT_MATCH_GROUP_0=cd7
_EXPECT_MATCH_GROUP_1=7
_EXPECT_MATCH_GROUP_2 incorrectly remained "2" instead of being
cleared or blanked.
Cause
sim_exp_check() tracked the prior regex state in a static
sim_exp_match_sub_count, but it updated that count incorrectly after a
successful match.
It stored the wrong bound for later cleanup, so the loop that blanked
stale _EXPECT_MATCH_GROUP_n entries did not run far enough.
Fix
Update the stored count after a successful regex match to the full
compiled-pattern capture-group capacity, i.e. replace:
sim_exp_match_sub_count = ep->re_nsub;
with:
sim_exp_match_sub_count = (size_t)ep->re_nsub + 1;
That gives the cleanup loop the correct upper bound for clearing stale
group variables on later matches.
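The stale-variable behaviour described in this report, modelled in C with POSIX regex.h as an added example; it is not part of the original report or the simulator's source. The names export_groups(), replay(), stored_count and MAXG and the two patterns are constructed for illustration, and blanking with an empty string is assumed as the cleanup action.

```c
#define _POSIX_C_SOURCE 200809L
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#define MAXG 10
static size_t stored_count; /* persists across calls, like sim_exp_match_sub_count */

/* Hypothetical model: export each capture group of an ERE match as
 * _EXPECT_MATCH_GROUP_n, blank leftovers from the previous match, then store
 * the cleanup bound: re_nsub if fixed=0 (bug), re_nsub + 1 if fixed=1 (fix). */
static int export_groups(const char *pattern, const char *text, int fixed)
{
    regex_t re;
    regmatch_t m[MAXG];
    char name[32], val[64];
    size_t j;
    if (regcomp(&re, pattern, REG_EXTENDED) != 0) return -1;
    int ok = re.re_nsub < MAXG && regexec(&re, text, MAXG, m, 0) == 0;
    for (j = 0; ok && j <= re.re_nsub; j++) {      /* group 0 plus subgroups */
        int len = m[j].rm_so < 0 ? 0 : (int)(m[j].rm_eo - m[j].rm_so);
        snprintf(name, sizeof name, "_EXPECT_MATCH_GROUP_%zu", j);
        snprintf(val, sizeof val, "%.*s", len, len ? text + m[j].rm_so : "");
        setenv(name, val, 1);
    }
    for (; ok && j < stored_count; j++) {          /* blank stale groups */
        snprintf(name, sizeof name, "_EXPECT_MATCH_GROUP_%zu", j);
        setenv(name, "", 1);
    }
    if (ok) stored_count = fixed ? re.re_nsub + 1 : re.re_nsub;
    regfree(&re);
    return ok ? 0 : -1;
}

/* Replay the report's two matches; return group 2 after the second one. */
static const char *replay(int fixed)
{
    stored_count = 0;
    unsetenv("_EXPECT_MATCH_GROUP_2");
    if (export_groups("ab([0-9])([0-9])", "ab42", fixed) != 0 ||
        export_groups("cd([0-9])", "cd7", fixed) != 0)
        return NULL;
    return getenv("_EXPECT_MATCH_GROUP_2");
}

int main(void)
{
    printf("buggy: GROUP_2=\"%s\"\n", replay(0));
    printf("fixed: GROUP_2=\"%s\"\n", replay(1));
    return 0;
}
```

With the old bound the first match stores 2, so the second match's cleanup loop starts at index 2 and never runs; with the corrected bound it stores 3 and index 2 is blanked.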