Revision: 1522
http://vcs.pcre.org/viewvc?view=rev&revision=1522
Author: ph10
Date: 2015-02-08 17:02:05 +0000 (Sun, 08 Feb 2015)
Log Message:
-----------
Fix crash when mutual recursion such as (\2)(\1) is studied.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/pcre_study.c
code/trunk/testdata/testinput1
code/trunk/testdata/testoutput1
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-02-08 16:43:13 UTC (rev 1521)
+++ code/trunk/ChangeLog 2015-02-08 17:02:05 UTC (rev 1522)
@@ -48,7 +48,12 @@
PCRE_DUPNAMES was not set caused the amount of memory needed for the pattern
to be incorrectly calculated, leading to overwriting.
+10. A mutually recursive set of back references such as (\2)(\1) caused a
+ segfault at study time (while trying to find the minimum matching length).
+ The infinite loop is now broken (with the minimum length unset, that is,
+ zero).
+
Version 8.36 26-September-2014
------------------------------
Modified: code/trunk/pcre_study.c
===================================================================
--- code/trunk/pcre_study.c 2015-02-08 16:43:13 UTC (rev 1521)
+++ code/trunk/pcre_study.c 2015-02-08 17:02:05 UTC (rev 1522)
@@ -393,7 +393,7 @@
ce = cs = (pcre_uchar *)PRIV(find_bracket)(startcode, utf, GET2(slot, 0));
if (cs == NULL) return -2;
do ce += GET(ce, 1); while (*ce == OP_ALT);
- if (cc > cs && cc < ce)
+ if ((cc > cs && cc < ce) || recurse_depth > 10)
{
d = 0;
had_recurse = TRUE;
@@ -401,7 +401,7 @@
}
else
{
- int dd = find_minlength(re, cs, startcode, options, recurse_depth);
+ int dd = find_minlength(re, cs, startcode, options, recurse_depth+1);
if (dd < d) d = dd;
}
slot += re->name_entry_size;
@@ -418,14 +418,14 @@
ce = cs = (pcre_uchar *)PRIV(find_bracket)(startcode, utf, GET2(cc, 1));
if (cs == NULL) return -2;
do ce += GET(ce, 1); while (*ce == OP_ALT);
- if (cc > cs && cc < ce)
+ if ((cc > cs && cc < ce) || recurse_depth > 10)
{
d = 0;
had_recurse = TRUE;
}
else
{
- d = find_minlength(re, cs, startcode, options, recurse_depth);
+ d = find_minlength(re, cs, startcode, options, recurse_depth + 1);
}
}
else d = 0;
Modified: code/trunk/testdata/testinput1
===================================================================
--- code/trunk/testdata/testinput1 2015-02-08 16:43:13 UTC (rev 1521)
+++ code/trunk/testdata/testinput1 2015-02-08 17:02:05 UTC (rev 1522)
@@ -5723,4 +5723,6 @@
/(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/
1234abcd
+/(\2)(\1)/
+
/-- End of testinput1 --/
Modified: code/trunk/testdata/testoutput1
===================================================================
--- code/trunk/testdata/testoutput1 2015-02-08 16:43:13 UTC (rev 1521)
+++ code/trunk/testdata/testoutput1 2015-02-08 17:02:05 UTC (rev 1522)
@@ -9420,4 +9420,6 @@
4: <unset>
5:
+/(\2)(\1)/
+
/-- End of testinput1 --/
