Implement a check on the number of capturing parentheses, which for some reason
has never existed. This fixes ClusterFuzz issue 14376.
Philip.Hazel 2019-04-22 12:39:38 +00:00
parent 4e4f273f07
commit 16de9003e5
12 changed files with 46 additions and 4 deletions


@ -2,6 +2,14 @@ Change Log for PCRE2
-------------------- --------------------
Version 10.34 22-April-2019
---------------------------
1. The maximum number of capturing subpatterns is 65535 (documented), but no
check on this was ever implemented. This omission has been rectified; it fixes
ClusterFuzz 14376.
Version 10.33 16-April-2019 Version 10.33 16-April-2019
--------------------------- ---------------------------


@ -9,9 +9,9 @@ dnl The PCRE2_PRERELEASE feature is for identifying release candidates. It might
dnl be defined as -RC2, for example. For real releases, it should be empty. dnl be defined as -RC2, for example. For real releases, it should be empty.
m4_define(pcre2_major, [10]) m4_define(pcre2_major, [10])
m4_define(pcre2_minor, [33]) m4_define(pcre2_minor, [34])
m4_define(pcre2_prerelease, []) m4_define(pcre2_prerelease, [-RC1])
m4_define(pcre2_date, [2019-04-16]) m4_define(pcre2_date, [2019-04-22])
# NOTE: The CMakeLists.txt file searches for the above variables in the first # NOTE: The CMakeLists.txt file searches for the above variables in the first
# 50 lines of this file. Please update that if the variables above are moved. # 50 lines of this file. Please update that if the variables above are moved.


@ -305,6 +305,7 @@ pcre2_pattern_convert(). */
#define PCRE2_ERROR_INVALID_HYPHEN_IN_OPTIONS 194 #define PCRE2_ERROR_INVALID_HYPHEN_IN_OPTIONS 194
#define PCRE2_ERROR_ALPHA_ASSERTION_UNKNOWN 195 #define PCRE2_ERROR_ALPHA_ASSERTION_UNKNOWN 195
#define PCRE2_ERROR_SCRIPT_RUN_NOT_AVAILABLE 196 #define PCRE2_ERROR_SCRIPT_RUN_NOT_AVAILABLE 196
#define PCRE2_ERROR_TOO_MANY_CAPTURES 197
/* "Expected" matching error codes: no match and partial match. */ /* "Expected" matching error codes: no match and partial match. */


@ -781,7 +781,7 @@ enum { ERR0 = COMPILE_ERROR_BASE,
ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, ERR70, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, ERR70,
ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, ERR80, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, ERR80,
ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERR88, ERR89, ERR90, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERR88, ERR89, ERR90,
ERR91, ERR92, ERR93, ERR94, ERR95, ERR96 }; ERR91, ERR92, ERR93, ERR94, ERR95, ERR96, ERR97 };
/* This is a table of start-of-pattern options such as (*UTF) and settings such /* This is a table of start-of-pattern options such as (*UTF) and settings such
as (*LIMIT_MATCH=nnnn) and (*CRLF). For completeness and backward as (*LIMIT_MATCH=nnnn) and (*CRLF). For completeness and backward
@ -3611,6 +3611,11 @@ while (ptr < ptrend)
nest_depth++; nest_depth++;
if ((options & PCRE2_NO_AUTO_CAPTURE) == 0) if ((options & PCRE2_NO_AUTO_CAPTURE) == 0)
{ {
if (cb->bracount >= MAX_GROUP_NUMBER)
{
errorcode = ERR97;
goto FAILED;
}
cb->bracount++; cb->bracount++;
*parsed_pattern++ = META_CAPTURE | cb->bracount; *parsed_pattern++ = META_CAPTURE | cb->bracount;
} }
@ -4435,6 +4440,11 @@ while (ptr < ptrend)
/* We have a name for this capturing group. It is also assigned a number, /* We have a name for this capturing group. It is also assigned a number,
which is its primary means of identification. */ which is its primary means of identification. */
if (cb->bracount >= MAX_GROUP_NUMBER)
{
errorcode = ERR97;
goto FAILED;
}
cb->bracount++; cb->bracount++;
*parsed_pattern++ = META_CAPTURE | cb->bracount; *parsed_pattern++ = META_CAPTURE | cb->bracount;
nest_depth++; nest_depth++;
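Review bot: The limit check is written out twice, in the plain-parenthesis branch at @ -3611 and in the named-group branch at @ -4435, and neither copy says why it must run before `cb->bracount++`. The line after the increment ORs the count into the same word as the meta code (`META_CAPTURE | cb->bracount`), so a count above MAX_GROUP_NUMBER would presumably alter the bits that identify the item rather than just the group number; that is worth recording at both sites, e.g. `/* bracount is ORed into META_CAPTURE below, so it must never exceed MAX_GROUP_NUMBER */`. With the guard copied per site, any other place that increments cb->bracount (none is visible in these hunks) needs the same test, so a single helper or macro shared by both branches would be harder to miss. Both hunks lie inside a `while (ptr < ptrend)` loop whose enclosing function begins and ends outside the visible lines.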


@ -184,6 +184,7 @@ static const unsigned char compile_error_texts[] =
/* 95 */ /* 95 */
"(*alpha_assertion) not recognized\0" "(*alpha_assertion) not recognized\0"
"script runs require Unicode support, which this version of PCRE2 does not have\0" "script runs require Unicode support, which this version of PCRE2 does not have\0"
"too many capturing groups (maximum 65535)\0"
; ;
/* Match-time and UTF error texts are in the same format. */ /* Match-time and UTF error texts are in the same format. */
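Review bot: The new message hard-codes the limit as `65535`, while the check added in the compile code compares against `MAX_GROUP_NUMBER`; if that macro is ever changed, the text reported to callers goes stale without any compile-time signal. The table is also positional (strings are separated only by `\0`, and the last index marker visible is `/* 95 */`), so this entry has to remain entry 97 to line up with `ERR97`. A comment on the new line such as `/* 97: the number must match MAX_GROUP_NUMBER */` would record both constraints. The array definition starts and continues outside this hunk.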


@ -368,4 +368,6 @@
ab˙Az ab˙Az
ab\x{80000041}z ab\x{80000041}z
/\[()]{65535}/expand
# End of testinput11 # End of testinput11

4
testdata/testinput2 vendored

@ -5587,4 +5587,8 @@ a)"xI
\= Expect error message \= Expect error message
abc\=null_context abc\=null_context
/\[()]{65535}()/expand
/\[()]{65535}(?<A>)/expand
# End of testinput2 # End of testinput2

2
testdata/testinput9 vendored

@ -260,4 +260,6 @@
/(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':ƿ)/ /(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':ƿ)/
/\[()]{65535}/expand
# End of testinput9 # End of testinput9


@ -661,4 +661,7 @@ Subject length lower bound = 1
ab˙Az ab˙Az
ab\x{80000041}z ab\x{80000041}z
/\[()]{65535}/expand
Failed: error 120 at offset 131070: regular expression is too large
# End of testinput11 # End of testinput11


@ -667,4 +667,6 @@ Subject length lower bound = 1
ab\x{80000041}z ab\x{80000041}z
0: ab\x{80000041}z 0: ab\x{80000041}z
/\[()]{65535}/expand
# End of testinput11 # End of testinput11


@ -16934,6 +16934,12 @@ Subject length lower bound = 0
abc\=null_context abc\=null_context
** Replacement callouts are not supported with null_context. ** Replacement callouts are not supported with null_context.
/\[()]{65535}()/expand
Failed: error 197 at offset 131071: too many capturing groups (maximum 65535)
/\[()]{65535}(?<A>)/expand
Failed: error 197 at offset 131075: too many capturing groups (maximum 65535)
# End of testinput2 # End of testinput2
Error -70: PCRE2_ERROR_BADDATA (unknown error number) Error -70: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data Error -62: bad serialized data


@ -367,4 +367,7 @@ Failed: error 134 at offset 14: character code point value in \x{} or \o{} is to
/(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':ƿ)/ /(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':ƿ)/
Failed: error 176 at offset 259: name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN) Failed: error 176 at offset 259: name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
/\[()]{65535}/expand
Failed: error 120 at offset 131070: regular expression is too large
# End of testinput9 # End of testinput9