diff --git a/ChangeLog b/ChangeLog index 58ac521..409a1d9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -340,6 +340,10 @@ offset as zero instead of where the invalidity was found. 101. Further to 97 above, negated classes such as [^[:^ascii:]\d] were also not working correctly in UCP mode. +102. Similar to 99 above, if an isolated \E was present between an item and its +qualifier when PCRE2_AUTO_CALLOUT was set, pcre2_compile() misbehaved. This bug +was found by the LLVM fuzzer. + Version 10.20 30-June-2015 -------------------------- diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c index 64fac22..db674d4 100644 --- a/src/pcre2_compile.c +++ b/src/pcre2_compile.c @@ -3947,9 +3947,10 @@ for (;; ptr++) last_code = code; } - /* If in \Q...\E, check for the end; if not, we have a literal */ + /* If in \Q...\E, check for the end; if not, we have a literal. If not in + \Q...\E, an isolated \E is ignored. */ - if (inescq && (c != CHAR_NULL || ptr < cb->end_pattern)) + if (c != CHAR_NULL || ptr < cb->end_pattern) { if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E) { @@ -3957,7 +3958,7 @@ for (;; ptr++) ptr++; continue; } - else + else if (inescq) { if (previous_callout != NULL) { @@ -3972,7 +3973,6 @@ for (;; ptr++) } goto NORMAL_CHAR; } - /* Control does not reach here. */ } /* In extended mode, skip white space and comments. We need a loop in order diff --git a/testdata/testinput2 b/testdata/testinput2 index 1bd8c79..e7e0598 100644 --- a/testdata/testinput2 +++ b/testdata/testinput2 @@ -4697,4 +4697,6 @@ a)"xI /L(?#(|++