The JIT compiler should not check repeats after a {0,1} repeat byte code.

This commit is contained in:
Zoltán Herczeg 2015-08-11 05:30:10 +00:00
parent f86d8d35fa
commit 3ec328fe1b
4 changed files with 19 additions and 1 deletions


@ -133,6 +133,9 @@ offsets in the pattern.
35. Error messages for syntax errors in *LIMIT_MATCH and *LIMIT_RECURSION now 35. Error messages for syntax errors in *LIMIT_MATCH and *LIMIT_RECURSION now
give the right offset instead of zero. give the right offset instead of zero.
36. The JIT compiler should not check repeats after a {0,1} repeat byte code.
This issue was found by Karl Skomski with a custom LLVM fuzzer.
Version 10.20 30-June-2015 Version 10.20 30-June-2015
-------------------------- --------------------------


@ -1281,6 +1281,7 @@ PCRE2_SPTR alternative;
PCRE2_SPTR end = NULL; PCRE2_SPTR end = NULL;
int private_data_ptr = *private_data_start; int private_data_ptr = *private_data_start;
int space, size, bracketlen; int space, size, bracketlen;
BOOL repeat_check = TRUE;
while (cc < ccend) while (cc < ccend)
{ {
@ -1290,7 +1291,8 @@ while (cc < ccend)
if (private_data_ptr > SLJIT_MAX_LOCAL_SIZE) if (private_data_ptr > SLJIT_MAX_LOCAL_SIZE)
break; break;
if (*cc == OP_ONCE || *cc == OP_ONCE_NC || *cc == OP_BRA || *cc == OP_CBRA || *cc == OP_COND) if (repeat_check && (*cc == OP_ONCE || *cc == OP_ONCE_NC || *cc == OP_BRA || *cc == OP_CBRA || *cc == OP_COND))
{
if (detect_repeat(common, cc)) if (detect_repeat(common, cc))
{ {
/* These brackets are converted to repeats, so no global /* These brackets are converted to repeats, so no global
@ -1298,6 +1300,8 @@ while (cc < ccend)
if (cc >= end) if (cc >= end)
end = bracketend(cc); end = bracketend(cc);
} }
}
repeat_check = TRUE;
switch(*cc) switch(*cc)
{ {
@ -1353,6 +1357,13 @@ while (cc < ccend)
bracketlen = 1 + LINK_SIZE + IMM2_SIZE; bracketlen = 1 + LINK_SIZE + IMM2_SIZE;
break; break;
case OP_BRAZERO:
case OP_BRAMINZERO:
case OP_BRAPOSZERO:
repeat_check = FALSE;
size = 1;
break;
CASE_ITERATOR_PRIVATE_DATA_1 CASE_ITERATOR_PRIVATE_DATA_1
space = 1; space = 1;
size = -2; size = -2;

testdata/testinput2 vendored

@ -4403,4 +4403,6 @@ a random value. /Ix
/(*CRLF)(*LIMIT_MATCH=)abc/ /(*CRLF)(*LIMIT_MATCH=)abc/
/(?:ab)?(?:ab)(?:ab)/
# End of testinput2 # End of testinput2
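Review bot: The new pattern `/(?:ab)?(?:ab)(?:ab)/` appears with no subject lines under it (the `# End of testinput2` marker follows directly), so as far as this page shows the test only checks that compilation no longer misbehaves, and the corresponding testoutput2 entry is likewise bare. Adding a matching subject such as `    ababab` and a non-matching one such as `    ab` would also pin down the behaviour of the code the JIT generates for a bracket that follows a {0,1} repeat, which is the part a fuzzer-found miscompilation calls into question. Whether this file is driven through the JIT path depends on how the test script invokes pcre2test, which is not visible here.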


@ -14657,4 +14657,6 @@ Failed: error 160 at offset 14: (*VERB) not recognized or malformed
/(*CRLF)(*LIMIT_MATCH=)abc/ /(*CRLF)(*LIMIT_MATCH=)abc/
Failed: error 160 at offset 21: (*VERB) not recognized or malformed Failed: error 160 at offset 21: (*VERB) not recognized or malformed
/(?:ab)?(?:ab)(?:ab)/
# End of testinput2 # End of testinput2