René Scharfe <l.s.r@xxxxxx> writes: > Am 09.08.2017 um 00:26 schrieb Junio C Hamano: >> ... but in the meantime, I think replacing the test with "0$" to >> force the scanner to find either the end of line or the end of the >> buffer may be a good workaround. We do not have to care how many of >> random bytes are in front of the last "0" in order to ensure that >> the regexec_buf() does not overstep to 4097th byte, while seeing >> that regexec() that does not know how long the haystack is has to do >> so, no? > > Our regexec() calls strlen() (see my other reply). > > Using "0$" looks like the best option to me. Yeah, it seems that way. If we want to be close/faithful to the original, we could do "^0*$", but the part that is essential to trigger the old bug is not the "we have many zeroes" (or "we have 4096 zeroes") part, but "zero is at the end of the string" part, so "0$" would be the minimal pattern that also would work for OBSD. Dscho?