Fix incorrect compilation for repeated conditionals with only one branch.

Philip.Hazel 2015-07-22 09:01:50 +00:00
parent 0b809c7de3
commit 0046526d0e
4 changed files with 27 additions and 0 deletions


@ -66,6 +66,9 @@ fuzzer.
being diagnosed, possibly leading to a buffer overflow. This bug was found by being diagnosed, possibly leading to a buffer overflow. This bug was found by
the LLVM fuzzer. the LLVM fuzzer.
18. A conditional group with only one branch has an implicit empty alternative
branch and must therefore be treated as potentially matching an empty string.
Version 10.20 30-June-2015 Version 10.20 30-June-2015
-------------------------- --------------------------


@ -5324,6 +5324,12 @@ for (;; ptr++)
scode += GET(scode, 1); scode += GET(scode, 1);
} }
while (*scode == OP_ALT); while (*scode == OP_ALT);
/* A conditional group with only one branch has an implicit empty
alternative branch. */
if (*bracode == OP_COND && bracode[GET(bracode,1)] != OP_ALT)
*bracode = OP_SCOND;
} }
/* Handle possessive quantifiers. */ /* Handle possessive quantifiers. */
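Review bot: The comment added above the `*bracode == OP_COND` check states the implicit empty alternative but not why the opcode is rewritten, which is the part a later maintainer needs. I would extend it to `/* A conditional group with only one branch has an implicit empty alternative branch, so it can match an empty string and must be flagged as OP_SCOND when repeated. */`. The enclosing block starts and ends outside the hunk, so I cannot confirm from here that the check is reached only for repeats where an empty iteration matters. Other code that decides whether a group can match empty may need the same single-branch rule; that is worth checking. The accompanying test `/()(?(R)0)*+/B` has no subject line, so it pins only the compiled form; adding a subject would also confirm that matching terminates.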

2
testdata/testinput2 vendored

@ -4352,4 +4352,6 @@ a random value. /Ix
"[[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[:::::::::::::::::[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[[[:::E[[[:[:[[:[:::[[:::E[[[:[:[[:'[:::::E[[[:[::::::[[[:[[[[[[[::E[[[:[::::::[[[:[[[[[[[[:[[::[::::[[:::::::[[:[[[[[[[:[[::[:[[:[~" "[[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[:::::::::::::::::[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[[[:::E[[[:[:[[:[:::[[:::E[[[:[:[[:'[:::::E[[[:[::::::[[[:[[[[[[[::E[[[:[::::::[[[:[[[[[[[[:[[::[::::[[:::::::[[:[[[[[[[:[[::[:[[:[~"
/()(?(R)0)*+/B
# End of testinput2 # End of testinput2

16
testdata/testoutput2 vendored

@ -14537,4 +14537,20 @@ Subject length lower bound = 2
"[[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[:::::::::::::::::[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[[[:::E[[[:[:[[:[:::[[:::E[[[:[:[[:'[:::::E[[[:[::::::[[[:[[[[[[[::E[[[:[::::::[[[:[[[[[[[[:[[::[::::[[:::::::[[:[[[[[[[:[[::[:[[:[~" "[[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[:::::::::::::::::[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[[[:::E[[[:[:[[:[:::[[:::E[[[:[:[[:'[:::::E[[[:[::::::[[[:[[[[[[[::E[[[:[::::::[[[:[[[[[[[[:[[::[::::[[:::::::[[:[[[[[[[:[[::[:[[:[~"
Failed: error 106 at offset 353: missing terminating ] for character class Failed: error 106 at offset 353: missing terminating ] for character class
/()(?(R)0)*+/B
------------------------------------------------------------------
Bra
CBra 1
Ket
Braposzero
SBraPos
SCond
Cond recurse any
0
Ket
KetRpos
Ket
End
------------------------------------------------------------------
# End of testinput2 # End of testinput2