fix signedness error handling invalid multibyte sequences in regexec

the "< 0" test was always false due to use of an unsigned type. this
resulted in infinite loops on 32-bit machines (adding -1U to a pointer
is the same as adding -1) and crashes on 64-bit machines (offsetting
the string pointer by 4gb-1b when an illegal sequence was hit).

diff --git a/src/regex/regexec.c b/src/regex/regexec.c
index 79874ca..8107aae 100644 (file)
--- a/src/regex/regexec.c
+++ b/src/regex/regexec.c
@@ -174,7 +174,7 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
   tre_char_t prev_c = 0, next_c = 0;
   const char *str_byte = string;
   int pos = -1;
-  unsigned int pos_add_next = 1;
+  int pos_add_next = 1;
 #ifdef TRE_MBSTATE
   mbstate_t mbstate;
 #endif /* TRE_MBSTATE */
@@ -583,7 +583,7 @@ tre_tnfa_run_backtrack(const tre_tnfa_t *tnfa, const void *string,
   tre_char_t prev_c = 0, next_c = 0;
   const char *str_byte = string;
   int pos = 0;
-  unsigned int pos_add_next = 1;
+  int pos_add_next = 1;
 #ifdef TRE_MBSTATE
   mbstate_t mbstate;
 #endif /* TRE_MBSTATE */