walkero
/
pcre2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fix mutual recursion inside other parentheses stack overflow bug.

This commit is contained in:
Philip.Hazel 2015-03-27 17:45:02 +00:00
parent cd85fae3c6
commit 6b6e611b39
4 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -37,6 +37,10 @@ interacting badly with the code for computing the amount of space needed to
compile the pattern, leading to a buffer overflow. This bug was discovered by compile the pattern, leading to a buffer overflow. This bug was discovered by
the LLVM fuzzer. the LLVM fuzzer.
10. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
other kinds of group caused stack overflow at compile time. This bug was
discovered by the LLVM fuzzer.
Version 10.10 06-March-2015 Version 10.10 06-March-2015
--------------------------- ---------------------------

4
src/pcre2_compile.c
View File

@ -1331,8 +1331,8 @@ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
empty_branch = FALSE; empty_branch = FALSE;
do do
{ {
if (!empty_branch && could_be_empty_branch(code, endcode, utf, cb, NULL)) if (!empty_branch && could_be_empty_branch(code, endcode, utf, cb,
empty_branch = TRUE; recurses)) empty_branch = TRUE;
code += GET(code, 1); code += GET(code, 1);
} }
while (*code == OP_ALT); while (*code == OP_ALT);

5
testdata/testinput2 vendored
View File

@ -4236,4 +4236,9 @@ a random value. /Ix
** Failers ** Failers
aaa aaa
# JIT gives a different error message for the infinite recursion
"(*NO_JIT)((?2)+)((?1)){"
abcd{
# End of testinput2 # End of testinput2

6
testdata/testoutput2 vendored
View File

@ -14198,4 +14198,10 @@ No match
aaa aaa
No match No match
# JIT gives a different error message for the infinite recursion
"(*NO_JIT)((?2)+)((?1)){"
abcd{
Failed: error -52: nested recursion at the same subject position
# End of testinput2 # End of testinput2