Fix bad processing of (?x)(*MARK) within another group.

2015-07-15 09:34:04 +00:00 · 2015-07-15 09:34:04 +00:00 · 328c7920cc
parent 098562db96
commit 328c7920cc
4 changed files with 13 additions and 0 deletions
--- a/7
+++ b/7
@ -18,6 +18,13 @@ pcre2_auto_possessify.c source.
 processing them could involve a buffer overflow if the following character was 
 an opening parenthesis.

+6. Change 36 for 10.20 also introduced a bug in processing this pattern:
+/((?x)(*:0))#(?'/. Specifically: if a setting of (?x) was followed by a (*MARK) 
+setting (which (*:0) is), then (?x) did not get unset at the end of its group 
+during the scan for named groups, and hence the external # was incorrectly
+treated as a comment and the invalid (?' at the end of the pattern was not 
+diagnosed. This caused a buffer overflow during the real compile.
+

 Version 10.20 30-June-2015
 --------------------------
--- a/src/pcre2_compile.c
+++ b/src/pcre2_compile.c
@ -3334,6 +3334,7 @@ for (; ptr < cb->end_pattern; ptr++)
        {
        ptr += 2;
        while (ptr < cb->end_pattern && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
+        nest_depth--;
        }
      }

--- a/testdata/testinput2
+++ b/testdata/testinput2
@ -4329,4 +4329,6 @@ a random value. /Ix

 /[[:>:]](?<)/

+/((?x)(*:0))#(?'/
+
 # End of testinput2 
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@ -14473,4 +14473,7 @@ Failed: error 161 at offset 32: number is too big
 /[[:>:]](?<)/
 Failed: error 124 at offset 10: unrecognized character after (?<

+/((?x)(*:0))#(?'/
+Failed: error 124 at offset 15: unrecognized character after (?<
+
 # End of testinput2