[Pcre-svn] [234] code/trunk: Fix mutual recursion inside oth…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Author: Subversion repository
Date:  
To: pcre-svn
Subject: [Pcre-svn] [234] code/trunk: Fix mutual recursion inside other parentheses stack overflow bug.
Revision: 234
          http://www.exim.org/viewvc/pcre2?view=rev&revision=234
Author:   ph10
Date:     2015-03-27 17:45:02 +0000 (Fri, 27 Mar 2015)


Log Message:
-----------
Fix mutual recursion inside other parentheses stack overflow bug. 

Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/src/pcre2_compile.c
    code/trunk/testdata/testinput2
    code/trunk/testdata/testoutput2


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2015-03-25 19:26:27 UTC (rev 233)
+++ code/trunk/ChangeLog    2015-03-27 17:45:02 UTC (rev 234)
@@ -37,7 +37,11 @@
 compile the pattern, leading to a buffer overflow. This bug was discovered by
 the LLVM fuzzer.


+10. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+other kinds of group caused stack overflow at compile time. This bug was
+discovered by the LLVM fuzzer.

+
Version 10.10 06-March-2015
--------------------------- 


Modified: code/trunk/src/pcre2_compile.c
===================================================================
--- code/trunk/src/pcre2_compile.c    2015-03-25 19:26:27 UTC (rev 233)
+++ code/trunk/src/pcre2_compile.c    2015-03-27 17:45:02 UTC (rev 234)
@@ -1331,8 +1331,8 @@
       empty_branch = FALSE;
       do
         {
-        if (!empty_branch && could_be_empty_branch(code, endcode, utf, cb, NULL))
-          empty_branch = TRUE;
+        if (!empty_branch && could_be_empty_branch(code, endcode, utf, cb, 
+          recurses)) empty_branch = TRUE;
         code += GET(code, 1);
         }
       while (*code == OP_ALT);


Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2    2015-03-25 19:26:27 UTC (rev 233)
+++ code/trunk/testdata/testinput2    2015-03-27 17:45:02 UTC (rev 234)
@@ -4236,4 +4236,9 @@
     ** Failers 
     aaa 


+# JIT gives a different error message for the infinite recursion
+
+"(*NO_JIT)((?2)+)((?1)){"
+    abcd{
+
 # End of testinput2 


Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2    2015-03-25 19:26:27 UTC (rev 233)
+++ code/trunk/testdata/testoutput2    2015-03-27 17:45:02 UTC (rev 234)
@@ -14198,4 +14198,10 @@
     aaa 
 No match


+# JIT gives a different error message for the infinite recursion
+
+"(*NO_JIT)((?2)+)((?1)){"
+    abcd{
+Failed: error -52: nested recursion at the same subject position
+
 # End of testinput2


This message was posted to the following mailing lists:
Pcre-svn
Mailing List Info | Nearby Messages		<-[Pcre-svn] [1536] code/trunk: Fix memory bug for [\S\V\H] compile.[Pcre-svn] [1537] code/trunk: Fix mutual recursion inside other groups stack overflow bug.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)