Revision: 963
http://vcs.pcre.org/viewvc?view=rev&revision=963
Author: ph10
Date: 2012-04-21 19:06:31 +0100 (Sat, 21 Apr 2012)
Log Message:
-----------
Fix ovector overrun when backreferences need temporary memory and the highest
block is not used.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/pcre_exec.c
code/trunk/pcretest.c
code/trunk/testdata/testinput2
code/trunk/testdata/testoutput2
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2012-04-20 17:28:23 UTC (rev 962)
+++ code/trunk/ChangeLog 2012-04-21 18:06:31 UTC (rev 963)
@@ -95,6 +95,18 @@
\w+ when the character tables indicated that \x{c4} was a word character.
There were several related cases, all because the tests for doing a table
lookup were testing for characters less than 127 instead of 255.
+
+27. If a pattern contains capturing parentheses that are not used in a match,
+ their slots in the ovector are set to -1. For those that are higher than
+ any matched groups, this happens at the end of processing. In the case when
+ there were back references that the ovector was too small to contain
+ (causing temporary malloc'd memory to be used during matching), and the
+ highest capturing number was not used, memory off the end of the ovector
+ was incorrectly being set to -1. (It was using the size of the temporary
+ memory instead of the true size.)
+
+28. To catch bugs like 27 using valgrind, when pcretest is asked to specify an
+ ovector size, it uses memory at the end of the block that it has got.
Version 8.30 04-February-2012
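Review bot: Entry 28 is vague where it says pcretest "uses memory at the end of the block that it has got": it does not state that the ovector is positioned so that its last slot coincides with the end of the allocated block, which is what makes a write past the ovector fall outside the allocation where valgrind can see it. Suggest rewording along those lines. Entry 27 would also be easier to search for if it said that the write went past the end of the caller-supplied ovector and that the fix is in pcre_exec.c.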
Modified: code/trunk/pcre_exec.c
===================================================================
--- code/trunk/pcre_exec.c 2012-04-20 17:28:23 UTC (rev 962)
+++ code/trunk/pcre_exec.c 2012-04-21 18:06:31 UTC (rev 963)
@@ -7070,7 +7070,7 @@
{
register int *iptr, *iend;
int resetcount = 2 + re->top_bracket * 2;
- if (resetcount > offsetcount) resetcount = ocount;
+ if (resetcount > offsetcount) resetcount = offsetcount;
iptr = offsets + md->end_offset_top;
iend = offsets + resetcount;
while (iptr < iend) *iptr++ = -1;
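Review bot: Missing comment on the changed clamp line: nothing at this site says how offsetcount and ocount differ, and the near-identical names are what allowed the wrong one to be used. Suggest a one-line comment above "if (resetcount > offsetcount) resetcount = offsetcount;" stating that offsetcount is the true size of offsets here, while ocount can be the size of the temporary malloc'd memory (as ChangeLog entry 27 describes) and so must not bound the "*iptr++ = -1" loop.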
Modified: code/trunk/pcretest.c
===================================================================
--- code/trunk/pcretest.c 2012-04-20 17:28:23 UTC (rev 962)
+++ code/trunk/pcretest.c 2012-04-21 18:06:31 UTC (rev 963)
@@ -3719,6 +3719,7 @@
}
use_size_offsets = n;
if (n == 0) use_offsets = NULL; /* Ensures it can't write to it */
+ else use_offsets = offsets + size_offsets_max - n; /* To catch overruns */
continue;
case 'P':
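Review bot: The added else branch computes "offsets + size_offsets_max - n" with no visible check that n is at most size_offsets_max. If n can be larger at this point, use_offsets ends up before the start of the block. The lines shown do not establish the bound, so please confirm that the code above this hunk guarantees it, or add an explicit guard next to the assignment. The "To catch overruns" comment could also say that the overrun is detected only when running under a memory checker such as valgrind, as ChangeLog entry 28 says.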
Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2 2012-04-20 17:28:23 UTC (rev 962)
+++ code/trunk/testdata/testinput2 2012-04-21 18:06:31 UTC (rev 963)
@@ -3760,4 +3760,7 @@
/(?=a(*COMMIT)b|(ac)) ac | (a)c/x
ac
+"AB(C(D))(E(F))?(?(?=\2)(?=\4))"
+ ABCDGHI\O03
+
/-- End of testinput2 --/
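Review bot: The new pattern and its data line ABCDGHI\O03 carry no explanation of what they guard against. Suggest a comment in the file's own /-- ... --/ style above the pattern, noting that it needs back references (\2 and \4) together with an ovector too small to hold them (\O03) and an unused highest capturing group, i.e. the conditions listed in ChangeLog entry 27, so that a later cleanup of the test file does not simplify it into something that no longer reaches the reset loop.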
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2 2012-04-20 17:28:23 UTC (rev 962)
+++ code/trunk/testdata/testoutput2 2012-04-21 18:06:31 UTC (rev 963)
@@ -12349,4 +12349,9 @@
1: <unset>
2: a
+"AB(C(D))(E(F))?(?(?=\2)(?=\4))"
+ ABCDGHI\O03
+Matched, but too many substrings
+ 0: ABCD
+
/-- End of testinput2 --/
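Review bot: The expected output added here ("Matched, but too many substrings" and " 0: ABCD") shows only the match result. The defect was a write past the end of the ovector, which ChangeLog entry 28 says is caught using valgrind, so nothing in these lines indicates that comparing output alone would catch a regression. Suggest documenting next to the test, or in the test instructions, that this case is only meaningful when pcretest is run under valgrind.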