Revision: 228
http://www.exim.org/viewvc/pcre2?view=rev&revision=228
Author: ph10
Date: 2015-03-20 12:37:28 +0000 (Fri, 20 Mar 2015)
Log Message:
-----------
Fix data overrun for /(?(?C)/
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_compile.c
code/trunk/src/pcre2_error.c
code/trunk/src/pcre2posix.c
code/trunk/testdata/testinput17
code/trunk/testdata/testoutput17
code/trunk/testdata/testoutput2
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-03-16 15:38:26 UTC (rev 227)
+++ code/trunk/ChangeLog 2015-03-20 12:37:28 UTC (rev 228)
@@ -8,7 +8,11 @@
2. Assertion code generator in JIT has been optimized.
+3. The invalid pattern (?(?C) has a missing assertion condition at the end. The
+pcre2_compile() function read past the end of the input before diagnosing an
+error.
+
Version 10.10 06-March-2015
---------------------------
Modified: code/trunk/src/pcre2_compile.c
===================================================================
--- code/trunk/src/pcre2_compile.c 2015-03-16 15:38:26 UTC (rev 227)
+++ code/trunk/src/pcre2_compile.c 2015-03-20 12:37:28 UTC (rev 228)
@@ -5248,10 +5248,19 @@
if (ptr[i+1] == CHAR_RIGHT_PARENTHESIS) tempptr += i + 2;
break;
}
- }
+ }
}
}
}
+
+ /* tempptr should now be pointing to the opening parenthesis of the
+ assertion condition. */
+
+ if (*tempptr != CHAR_LEFT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR28;
+ goto FAILED;
+ }
}
/* For conditions that are assertions, check the syntax, and then exit
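Review bot: The comment above `if (*tempptr != CHAR_LEFT_PARENTHESIS)` says what tempptr should point at but not why the check exists, which is what a later maintainer needs. The assertion syntax check that begins on the last line of this hunk (and continues outside it) presumably reads the characters after tempptr, so a callout that ends the pattern has to be rejected first. I would extend the comment to something like `/* If the callout was the last item, tempptr is at the pattern terminator; fail here so the assertion check below never reads beyond it. */`. The guard itself still dereferences tempptr, so it relies on the callout-skipping loop above never moving tempptr past the terminator. The `ptr[i+1]` test in the context lines belongs to that loop, whose bounds lie outside the hunk and are worth confirming with a test pattern whose callout argument is left unterminated.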
@@ -5657,7 +5666,7 @@
/* In the real compile we can copy the string, knowing that it is
syntactically OK. The starting delimiter is included so that the
- client can discover it if they want. We also pass the start offset to
+ client can discover it if they want. We also pass the start offset to
help a script language give better error messages. */
else
Modified: code/trunk/src/pcre2_error.c
===================================================================
--- code/trunk/src/pcre2_error.c 2015-03-16 15:38:26 UTC (rev 227)
+++ code/trunk/src/pcre2_error.c 2015-03-20 12:37:28 UTC (rev 228)
@@ -97,7 +97,7 @@
"lookbehind assertion is not fixed length\0"
"malformed number or name after (?(\0"
"conditional group contains more than two branches\0"
- "assertion expected after (?(\0"
+ "assertion expected after (?( or (?(?C)\0"
"(?R or (?[+-]digits must be followed by )\0"
/* 30 */
"unknown POSIX class name\0"
Modified: code/trunk/src/pcre2posix.c
===================================================================
--- code/trunk/src/pcre2posix.c 2015-03-16 15:38:26 UTC (rev 227)
+++ code/trunk/src/pcre2posix.c 2015-03-20 12:37:28 UTC (rev 228)
@@ -216,8 +216,8 @@
if ((cflags & REG_UCP) != 0) options |= PCRE2_UCP;
if ((cflags & REG_UNGREEDY) != 0) options |= PCRE2_UNGREEDY;
-preg->re_pcre2_code = pcre2_compile((PCRE2_SPTR)pattern, -1, options,
- &errorcode, &erroffset, NULL);
+preg->re_pcre2_code = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED,
+ options, &errorcode, &erroffset, NULL);
preg->re_erroffset = erroffset;
if (preg->re_pcre2_code == NULL)
Modified: code/trunk/testdata/testinput17
===================================================================
--- code/trunk/testdata/testinput17 2015-03-16 15:38:26 UTC (rev 227)
+++ code/trunk/testdata/testinput17 2015-03-20 12:37:28 UTC (rev 228)
@@ -90,4 +90,6 @@
/abc/\
+"(?(?C)"
+
# End of testdata/testinput16
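Review bot: The regression case `"(?(?C)"` is added only to the POSIX-wrapper test file, so the native pcre2_compile() path is not pinned for this pattern. testinput2 is not among the modified paths, and the testoutput2 hunks only reflect the reworded message on the existing `/(?(?i))/` and `/(?(''))/` cases. Adding `/(?(?C)/` to testinput2 would record error 128 and its offset directly, rather than through the generic `POSIX code 3: pattern error` mapping seen in testoutput17. The trailing `# End of testdata/testinput16` context line also looks stale for this file.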
Modified: code/trunk/testdata/testoutput17
===================================================================
--- code/trunk/testdata/testoutput17 2015-03-16 15:38:26 UTC (rev 227)
+++ code/trunk/testdata/testoutput17 2015-03-20 12:37:28 UTC (rev 228)
@@ -142,4 +142,7 @@
/abc/\
Failed: POSIX code 9: bad escape sequence at offset 4
+"(?(?C)"
+Failed: POSIX code 3: pattern error at offset 2
+
# End of testdata/testinput16
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2 2015-03-16 15:38:26 UTC (rev 227)
+++ code/trunk/testdata/testoutput2 2015-03-20 12:37:28 UTC (rev 228)
@@ -567,7 +567,7 @@
Failed: error 126 at offset 4: malformed number or name after (?(
/(?(?i))/
-Failed: error 128 at offset 3: assertion expected after (?(
+Failed: error 128 at offset 3: assertion expected after (?( or (?(?C)
/(?(abc))/
Failed: error 115 at offset 7: reference to non-existent subpattern
@@ -7367,7 +7367,7 @@
Failed: error 126 at offset 6: malformed number or name after (?(
/(?(''))/
-Failed: error 128 at offset 4: assertion expected after (?(
+Failed: error 128 at offset 4: assertion expected after (?( or (?(?C)
/(?('R')stuff)/
Failed: error 115 at offset 7: reference to non-existent subpattern