Revision: 1521
http://vcs.pcre.org/viewvc?view=rev&revision=1521
Author: ph10
Date: 2015-02-08 16:43:13 +0000 (Sun, 08 Feb 2015)
Log Message:
-----------
Fix duplicate names memory calculation error.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/pcre_compile.c
code/trunk/testdata/testinput2
code/trunk/testdata/testoutput11-16
code/trunk/testdata/testoutput11-32
code/trunk/testdata/testoutput11-8
code/trunk/testdata/testoutput2
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-02-08 16:29:23 UTC (rev 1520)
+++ code/trunk/ChangeLog 2015-02-08 16:43:13 UTC (rev 1521)
@@ -43,7 +43,12 @@
FALSE when the capture could not be consulted, leading to a incorrect
behaviour by pcre2_match(). This bug has been fixed.
+9. A reference to a duplicated named group (either a back reference or a test
+ for being set in a conditional) that occurred in a part of the pattern where
+ PCRE_DUPNAMES was not set caused the amount of memory needed for the pattern
+ to be incorrectly calculated, leading to overwriting.
+
Version 8.36 26-September-2014
------------------------------
Modified: code/trunk/pcre_compile.c
===================================================================
--- code/trunk/pcre_compile.c 2015-02-08 16:29:23 UTC (rev 1520)
+++ code/trunk/pcre_compile.c 2015-02-08 16:43:13 UTC (rev 1521)
@@ -6734,8 +6734,7 @@
ptr++;
}
namelen = (int)(ptr - name);
- if (lengthptr != NULL && (options & PCRE_DUPNAMES) != 0)
- *lengthptr += IMM2_SIZE;
+ if (lengthptr != NULL) *lengthptr += IMM2_SIZE;
}
/* Check the terminator */
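Review bot: The now-unconditional reservation `if (lengthptr != NULL) *lengthptr += IMM2_SIZE;` has no comment, although the matching site in the second pcre_compile.c hunk explains itself. Per the ChangeLog entry, an under-count here ends in a write past the compiled-pattern block, so the reason belongs next to the line, for example `/* Always reserve IMM2_SIZE: whether the name is duplicated is only known in the second pass, whatever PCRE_DUPNAMES is at this point. */`. The enclosing block starts and ends outside the hunk, so it cannot be judged from here whether the real compile can ever emit more than this one extra item for a condition by name.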
@@ -7152,11 +7151,11 @@
if (!is_recurse) cd->namedrefcount++;
- /* If duplicate names are permitted, we have to allow for a named
- reference to a duplicated name (this cannot be determined until the
- second pass). This needs an extra 16-bit data item. */
+ /* We have to allow for a named reference to a duplicated name (this
+ cannot be determined until the second pass). This needs an extra
+ 16-bit data item. */
- if ((options & PCRE_DUPNAMES) != 0) *lengthptr += IMM2_SIZE;
+ *lengthptr += IMM2_SIZE;
}
/* In the real compile, search the name table. We check the name
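Review bot: The rewritten comment still describes the reservation as "an extra 16-bit data item", but the code adds `IMM2_SIZE` code units. The testoutput11-32 hunk grows by 8 bytes for the same pattern that grows by 4 in the 8-bit and 16-bit outputs, so wording such as `This needs an extra IMM2_SIZE code units.` would stay correct for all three libraries. `cd->namedrefcount++` on the first line of this hunk is kept, while the later hunk deletes the only visible reader of that counter; if nothing outside these hunks reads it, it is now dead state and could be removed in the same change. The `*lengthptr` dereference is unguarded in the visible lines; presumably the enclosing branch, which starts outside the hunk, already tests it.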
@@ -9156,13 +9155,6 @@
goto PCRE_EARLY_ERROR_RETURN;
}
-/* If there are groups with duplicate names and there are also references by
-name, we must allow for the possibility of named references to duplicated
-groups. These require an extra data item each. */
-
-if (cd->dupnames && cd->namedrefcount > 0)
- length += cd->namedrefcount * IMM2_SIZE * sizeof(pcre_uchar);
-
/* Compute the size of the data block for storing the compiled pattern. Integer
overflow should no longer be possible because nowadays we limit the maximum
value of cd->names_found and cd->name_entry_size. */
Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2 2015-02-08 16:29:23 UTC (rev 1520)
+++ code/trunk/testdata/testinput2 2015-02-08 16:43:13 UTC (rev 1521)
@@ -4100,4 +4100,6 @@
aa123\O3
aa123\O6
+/(?<N111>(?J)(?<N111>1(111111)11|)1|1|)(?(<N111>)1)/
+
/-- End of testinput2 --/
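Review bot: The added pattern has no subject lines or modifiers, and its expected output in testoutput2 is only the echoed pattern, so the test passes whenever compilation does not crash. An overwrite of the compiled-pattern block that lands in allocator slack would likely go unnoticed, which makes this regression test reliable only when the suite runs under a memory checker such as valgrind or AddressSanitizer. A companion entry with the `BM` modifiers, placed in the width-specific testinput11 set because the sizes differ per library, would additionally pin the computed length.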
Modified: code/trunk/testdata/testoutput11-16
===================================================================
--- code/trunk/testdata/testoutput11-16 2015-02-08 16:29:23 UTC (rev 1520)
+++ code/trunk/testdata/testoutput11-16 2015-02-08 16:43:13 UTC (rev 1521)
@@ -231,7 +231,7 @@
------------------------------------------------------------------
/(?P<a>a)...(?P=a)bbb(?P>a)d/BM
-Memory allocation (code space): 57
+Memory allocation (code space): 61
------------------------------------------------------------------
0 24 Bra
2 5 CBra 1
Modified: code/trunk/testdata/testoutput11-32
===================================================================
--- code/trunk/testdata/testoutput11-32 2015-02-08 16:29:23 UTC (rev 1520)
+++ code/trunk/testdata/testoutput11-32 2015-02-08 16:43:13 UTC (rev 1521)
@@ -231,7 +231,7 @@
------------------------------------------------------------------
/(?P<a>a)...(?P=a)bbb(?P>a)d/BM
-Memory allocation (code space): 117
+Memory allocation (code space): 125
------------------------------------------------------------------
0 24 Bra
2 5 CBra 1
Modified: code/trunk/testdata/testoutput11-8
===================================================================
--- code/trunk/testdata/testoutput11-8 2015-02-08 16:29:23 UTC (rev 1520)
+++ code/trunk/testdata/testoutput11-8 2015-02-08 16:43:13 UTC (rev 1521)
@@ -231,7 +231,7 @@
------------------------------------------------------------------
/(?P<a>a)...(?P=a)bbb(?P>a)d/BM
-Memory allocation (code space): 34
+Memory allocation (code space): 38
------------------------------------------------------------------
0 30 Bra
3 7 CBra 1
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2 2015-02-08 16:29:23 UTC (rev 1520)
+++ code/trunk/testdata/testoutput2 2015-02-08 16:43:13 UTC (rev 1521)
@@ -14273,4 +14273,6 @@
0: aa
1: <unset>
+/(?<N111>(?J)(?<N111>1(111111)11|)1|1|)(?(<N111>)1)/
+
/-- End of testinput2 --/