From: nhmall Date: Thu, 30 Jun 2022 16:58:19 +0000 (-0400) Subject: cppregex regex_error_desc() X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0fd999a6b5e7d5e749eeeb6dd2fbb3aea45bd4ac;p=nethack cppregex regex_error_desc() Address sanitizer caught a use after free. cppregex.cpp regex_error_desc() was not returning a pointer to a static buffer, yet the posixregex was. Follow suit.
---
diff --git a/sys/share/cppregex.cpp b/sys/share/cppregex.cpp
index c3ce58ced..0e3a7de1a 100644
--- a/sys/share/cppregex.cpp
+++ b/sys/share/cppregex.cpp
@@ -12,6 +12,7 @@ extern "C" { #include extern const char regex_id[] = "cppregex";
+ static char cppregex_static_buffer[BUFSZ];
 struct nhregex { std::unique_ptr re;
@@ -39,10 +40,12 @@ extern "C" { } const char *regex_error_desc(struct nhregex *re) {
- if (re->err)
- return re->err->what();
- else
- return nullptr;
+ if (re->err) {
+ Snprintf(cppregex_static_buffer, sizeof cppregex_static_buffer,
+ "%s", re->err->what());
+ return cppregex_static_buffer;
+ } else
+ return nullptr;
 } boolean regex_match(const char *s, struct nhregex *re) {
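Review bot: The string returned by `regex_error_desc()` in the second hunk now lives in the single file-scope `cppregex_static_buffer` declared in the first hunk, so every call overwrites text an earlier caller may still hold, and neither the declaration nor the function documents that. A comment on the buffer such as `/* backs regex_error_desc(); contents valid only until the next call */` would make the lifetime contract explicit for callers that keep or compare two descriptions. The copy is also bounded by BUFSZ, so a longer `what()` text is cut short; if the project's `Snprintf` wrapper reports truncation (its definition is not visible in this diff), a long library message would trigger that report, and passing `"%.*s"` with `(int) (sizeof cppregex_static_buffer - 1)` would keep the truncation silent and intentional. The new `} else` followed by an unbraced `return nullptr;` mixes brace styles; bracing both arms would read more consistently.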