Fix misbehaving DFA match for possessively repeated character class (Bugzilla 2086).
Philip.Hazel 2017-03-22 15:12:06 +00:00
parent de307ea031
commit d5ca2dee9d
4 changed files with 16 additions and 4 deletions


@ -80,6 +80,9 @@ a NULL pattern pointer when Unicode support is available.
were longer than 64 code units could cause a buffer overflow. This was a bug in were longer than 64 code units could cause a buffer overflow. This was a bug in
pcre2test. pcre2test.
14. The alternative matching function, pcre2_dfa_match() misbehaved if it
encountered a character class with a possessive repeat, for example [a-f]{3}+.
Version 10.23 14-February-2017 Version 10.23 14-February-2017
------------------------------ ------------------------------
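Review bot: Entry 14 says only that pcre2_dfa_match() "misbehaved" and does not name the symptom, so a reader cannot tell whether an affected pattern failed to match, matched wrongly, or did something worse. State the observable behaviour in the entry. A comma is also missing after "pcre2_dfa_match()" to close the parenthetical phrase.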


@ -544,7 +544,7 @@ for (;;)
BOOL partial_newline = FALSE; BOOL partial_newline = FALSE;
BOOL could_continue = reset_could_continue; BOOL could_continue = reset_could_continue;
reset_could_continue = FALSE; reset_could_continue = FALSE;
if (ptr > mb->last_used_ptr) mb->last_used_ptr = ptr; if (ptr > mb->last_used_ptr) mb->last_used_ptr = ptr;
/* Make the new state list into the active state list and empty the /* Make the new state list into the active state list and empty the
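Review bot: Both columns of this hunk are textually identical, and the same is true of the two hunks that follow (at -597 and -633), so these appear to be whitespace-only changes riding along with the fix. Consider moving them to a separate commit so that the functional change at -2539 is the only thing a later bisect or backport has to consider.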
@ -597,7 +597,7 @@ for (;;)
int state_offset = current_state->offset; int state_offset = current_state->offset;
int rrc; int rrc;
int count; int count;
/* A negative offset is a special case meaning "hold off going to this /* A negative offset is a special case meaning "hold off going to this
(negated) state until the number of characters in the data field have (negated) state until the number of characters in the data field have
been skipped". If the could_continue flag was passed over from a previous been skipped". If the could_continue flag was passed over from a previous
@ -633,7 +633,7 @@ for (;;)
code = start_code + state_offset; code = start_code + state_offset;
codevalue = *code; codevalue = *code;
/* If this opcode inspects a character, but we are at the end of the /* If this opcode inspects a character, but we are at the end of the
subject, remember the fact for use when testing for a partial match. */ subject, remember the fact for use when testing for a partial match. */
@ -2539,11 +2539,13 @@ for (;;)
if (isinclass) if (isinclass)
{ {
int max = (int)GET2(ecode, 1 + IMM2_SIZE); int max = (int)GET2(ecode, 1 + IMM2_SIZE);
if (*ecode == OP_CRPOSRANGE)
if (*ecode == OP_CRPOSRANGE && count >= (int)GET2(ecode, 1))
{ {
active_count--; /* Remove non-match possibility */ active_count--; /* Remove non-match possibility */
next_active_state--; next_active_state--;
} }
if (++count >= max && max != 0) /* Max 0 => no limit */ if (++count >= max && max != 0) /* Max 0 => no limit */
{ ADD_NEW(next_state_offset + 1 + 2 * IMM2_SIZE, 0); } { ADD_NEW(next_state_offset + 1 + 2 * IMM2_SIZE, 0); }
else else
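Review bot: In the new OP_CRPOSRANGE condition the lower bound is read inline as (int)GET2(ecode, 1) while the upper bound two lines earlier gets a named local, and the comment "Remove non-match possibility" does not say why the removal must now wait until count has reached that bound. Suggest introducing a local such as "int min = (int)GET2(ecode, 1);" next to max and extending the comment to state the invariant, that is, which earlier step added the entry that active_count-- and next_active_state-- take back and under what condition it was added. It is also worth noting in the comment that the comparison uses count before the ++count on the following statement, so that the choice of >= rather than > is visibly deliberate.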

testdata/testinput6 vendored

@ -4886,4 +4886,7 @@
\= Expect depth limit exceeded \= Expect depth limit exceeded
a[00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00] a[00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]
/(02-)?[0-9]{3}-[0-9]{3}/
02-123-123
# End of testinput6 # End of testinput6
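Review bot: The added pattern /(02-)?[0-9]{3}-[0-9]{3}/ contains no explicit possessive quantifier, whereas the ChangeLog entry gives [a-f]{3}+ as its example, so the test depends on the class repeat being made possessive elsewhere before the DFA matcher sees it. Add a case that writes the possessive form explicitly, and consider a repeat with differing bounds (for example {2,4}+) and a subject that must not match, so that both sides of the new count check are exercised.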


@ -7685,4 +7685,8 @@ No match
a[00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00] a[00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]
Failed: error -53: matching depth limit exceeded Failed: error -53: matching depth limit exceeded
/(02-)?[0-9]{3}-[0-9]{3}/
02-123-123
0: 02-123-123
# End of testinput6 # End of testinput6