Fix not diagnosis of missing ) for callout with string argument.
This commit is contained in:
parent
01c4647b02
commit
688151205d
|
@ -62,6 +62,9 @@ first of these bugs was discovered by Karl Skomski with the LLVM fuzzer.
|
||||||
pcre2_compile() to run for a very long time. This bug was found by the LLVM
|
pcre2_compile() to run for a very long time. This bug was found by the LLVM
|
||||||
fuzzer.
|
fuzzer.
|
||||||
|
|
||||||
|
17. A missing closing parenthesis for a callout with a string argument was not
|
||||||
|
being diagnosed, possibly leading to a buffer overflow. This bug was found by
|
||||||
|
the LLVM fuzzer.
|
||||||
|
|
||||||
|
|
||||||
Version 10.20 30-June-2015
|
Version 10.20 30-June-2015
|
||||||
|
|
|
@ -3277,17 +3277,12 @@ for (; ptr < cb->end_pattern; ptr++)
|
||||||
if (IS_DIGIT(ptr[1]))
|
if (IS_DIGIT(ptr[1]))
|
||||||
{
|
{
|
||||||
while (IS_DIGIT(ptr[1])) ptr++;
|
while (IS_DIGIT(ptr[1])) ptr++;
|
||||||
if (ptr[1] != CHAR_RIGHT_PARENTHESIS)
|
|
||||||
{
|
|
||||||
errorcode = ERR39;
|
|
||||||
ptr++;
|
|
||||||
goto FAILED;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Handle a string argument */
|
/* Handle a string argument */
|
||||||
|
|
||||||
|
else
|
||||||
|
{
|
||||||
ptr++;
|
ptr++;
|
||||||
delimiter = 0;
|
delimiter = 0;
|
||||||
for (i = 0; PRIV(callout_start_delims)[i] != 0; i++)
|
for (i = 0; PRIV(callout_start_delims)[i] != 0; i++)
|
||||||
|
@ -3317,6 +3312,16 @@ for (; ptr < cb->end_pattern; ptr++)
|
||||||
if (ptr[0] == delimiter && ptr[1] == delimiter) ptr += 2;
|
if (ptr[0] == delimiter && ptr[1] == delimiter) ptr += 2;
|
||||||
}
|
}
|
||||||
while (ptr[0] != delimiter);
|
while (ptr[0] != delimiter);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check terminating ) */
|
||||||
|
|
||||||
|
if (ptr[1] != CHAR_RIGHT_PARENTHESIS)
|
||||||
|
{
|
||||||
|
errorcode = ERR39;
|
||||||
|
ptr++;
|
||||||
|
goto FAILED;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CHAR_LEFT_PARENTHESIS:
|
case CHAR_LEFT_PARENTHESIS:
|
||||||
|
|
|
@ -1651,4 +1651,6 @@
|
||||||
|
|
||||||
/$(&.+[\p{Me}].\s\xdcC*?(?(<y>))(?<!^)$C((;*?(R))+(?(R)){0,6}?|){12\x8a\X*?\x8a\x0b\xd1^9\3*+(\xc1,\k'P'\xb4)\xcc(z\z(?JJ)(?'X'8};(\x0b\xd1^9\?'3*+(\xc1.]k+\x0b'Pm'\xb4\xcc4'\xd1'(?'X'))?-%--\x95$9*\4'|\xd1(''%\x95*$9)#(?'R')3\x07?('P\xed')\\x16:;()\x1e\x10*:(?<y>)\xd1+!~:(?)''(d'E:yD!\s(?'R'\x1e;\x10:U))|')g!\xb0*){29+))#(?'P'})*?/
|
/$(&.+[\p{Me}].\s\xdcC*?(?(<y>))(?<!^)$C((;*?(R))+(?(R)){0,6}?|){12\x8a\X*?\x8a\x0b\xd1^9\3*+(\xc1,\k'P'\xb4)\xcc(z\z(?JJ)(?'X'8};(\x0b\xd1^9\?'3*+(\xc1.]k+\x0b'Pm'\xb4\xcc4'\xd1'(?'X'))?-%--\x95$9*\4'|\xd1(''%\x95*$9)#(?'R')3\x07?('P\xed')\\x16:;()\x1e\x10*:(?<y>)\xd1+!~:(?)''(d'E:yD!\s(?'R'\x1e;\x10:U))|')g!\xb0*){29+))#(?'P'})*?/
|
||||||
|
|
||||||
|
"(*UTF)(*UCP)(.UTF).+X(\V+;\^(\D|)!999}(?(?C{7(?C')\H*\S*/^\x5\xa\\xd3\x85n?(;\D*(?m).[^mH+((*UCP)(*U:F)})(?!^)(?'"
|
||||||
|
|
||||||
# End of testinput5
|
# End of testinput5
|
||||||
|
|
|
@ -4050,4 +4050,7 @@ Failed: error 122 at offset 1227: unmatched closing parenthesis
|
||||||
|
|
||||||
/$(&.+[\p{Me}].\s\xdcC*?(?(<y>))(?<!^)$C((;*?(R))+(?(R)){0,6}?|){12\x8a\X*?\x8a\x0b\xd1^9\3*+(\xc1,\k'P'\xb4)\xcc(z\z(?JJ)(?'X'8};(\x0b\xd1^9\?'3*+(\xc1.]k+\x0b'Pm'\xb4\xcc4'\xd1'(?'X'))?-%--\x95$9*\4'|\xd1(''%\x95*$9)#(?'R')3\x07?('P\xed')\\x16:;()\x1e\x10*:(?<y>)\xd1+!~:(?)''(d'E:yD!\s(?'R'\x1e;\x10:U))|')g!\xb0*){29+))#(?'P'})*?/
|
/$(&.+[\p{Me}].\s\xdcC*?(?(<y>))(?<!^)$C((;*?(R))+(?(R)){0,6}?|){12\x8a\X*?\x8a\x0b\xd1^9\3*+(\xc1,\k'P'\xb4)\xcc(z\z(?JJ)(?'X'8};(\x0b\xd1^9\?'3*+(\xc1.]k+\x0b'Pm'\xb4\xcc4'\xd1'(?'X'))?-%--\x95$9*\4'|\xd1(''%\x95*$9)#(?'R')3\x07?('P\xed')\\x16:;()\x1e\x10*:(?<y>)\xd1+!~:(?)''(d'E:yD!\s(?'R'\x1e;\x10:U))|')g!\xb0*){29+))#(?'P'})*?/
|
||||||
|
|
||||||
|
"(*UTF)(*UCP)(.UTF).+X(\V+;\^(\D|)!999}(?(?C{7(?C')\H*\S*/^\x5\xa\\xd3\x85n?(;\D*(?m).[^mH+((*UCP)(*U:F)})(?!^)(?'"
|
||||||
|
Failed: error 139 at offset 113: closing parenthesis for (?C expected
|
||||||
|
|
||||||
# End of testinput5
|
# End of testinput5
|
||||||
|
|
Loading…
Reference in New Issue