From 0046526d0eba579a053833ab4ea54e3698fe4a3e Mon Sep 17 00:00:00 2001
From: "Philip.Hazel"
Date: Wed, 22 Jul 2015 09:01:50 +0000
Subject: [PATCH] Fix incorrect compilation for repeated conditionals with only one branch.
---
 ChangeLog | 3 +++
 src/pcre2_compile.c | 6 ++++++
 testdata/testinput2 | 2 ++
 testdata/testoutput2 | 16 ++++++++++++++++
 4 files changed, 27 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index e6afed9..2668877 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -66,6 +66,9 @@ fuzzer. being diagnosed, possibly leading to a buffer overflow. This bug was found by the LLVM fuzzer.
+18. A conditional group with only one branch has an implicit empty alternative
+branch and must therefore be treated as potentially matching an empty string.
+
 Version 10.20 30-June-2015
 --------------------------
diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
index 940f693..9f1296d 100644
--- a/src/pcre2_compile.c
+++ b/src/pcre2_compile.c
@@ -5324,6 +5324,12 @@ for (;; ptr++)
 scode += GET(scode, 1);
 }
 while (*scode == OP_ALT);
+
+ /* A conditional group with only one branch has an implicit empty
+ alternative branch. */
+
+ if (*bracode == OP_COND && bracode[GET(bracode,1)] != OP_ALT)
+ *bracode = OP_SCOND;
 }
 /* Handle possessive quantifiers. */
diff --git a/testdata/testinput2 b/testdata/testinput2
index 5af7aa2..1a4df08 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4352,4 +4352,6 @@ a random value. /Ix
 "[[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[:::::::::::::::::[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[[[:::E[[[:[:[[:[:::[[:::E[[[:[:[[:'[:::::E[[[:[::::::[[[:[[[[[[[::E[[[:[::::::[[[:[[[[[[[[:[[::[::::[[:::::::[[:[[[[[[[:[[::[:[[:[~"
+/()(?(R)0)*+/B
+
 # End of testinput2
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 04405cf..177de8b 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
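Review bot: The new comment above `if (*bracode == OP_COND && bracode[GET(bracode,1)] != OP_ALT)` states that a one-branch conditional has an implicit empty alternative, but not why that leads to rewriting the opcode; going by the ChangeLog entry, I would word it as `/* A conditional group with only one branch has an implicit empty alternative branch, so it may match an empty string: use OP_SCOND. */`. The enclosing block and the body of the `do ... while (*scode == OP_ALT)` loop start outside the hunk, so the exact conditions under which this runs cannot be confirmed from here. The regression test `/()(?(R)0)*+/B` only dumps the compiled code and has no subject line; adding one would also pin the match-time behaviour that the S form presumably exists to protect.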
@@ -14537,4 +14537,20 @@ Subject length lower bound = 2
 "[[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[:::::::::::::::::[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[[[:::E[[[:[:[[:[:::[[:::E[[[:[:[[:'[:::::E[[[:[::::::[[[:[[[[[[[::E[[[:[::::::[[[:[[[[[[[[:[[::[::::[[:::::::[[:[[[[[[[:[[::[:[[:[~"
 Failed: error 106 at offset 353: missing terminating ] for character class
+/()(?(R)0)*+/B
+------------------------------------------------------------------
+ Bra
+ CBra 1
+ Ket
+ Braposzero
+ SBraPos
+ SCond
+ Cond recurse any
+ 0
+ Ket
+ KetRpos
+ Ket
+ End
+------------------------------------------------------------------
+
 # End of testinput2