Revision: 1537
http://vcs.pcre.org/viewvc?view=rev&revision=1537
Author: ph10
Date: 2015-03-27 17:48:28 +0000 (Fri, 27 Mar 2015)
Log Message:
-----------
Fix mutual recursion inside other groups stack overflow bug.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/pcre_compile.c
code/trunk/testdata/testinput2
code/trunk/testdata/testoutput2
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-03-27 16:44:50 UTC (rev 1536)
+++ code/trunk/ChangeLog 2015-03-27 17:48:28 UTC (rev 1537)
@@ -122,6 +122,10 @@
interacting badly with the code for computing the amount of space needed to
compile the pattern, leading to a buffer overflow. This bug was discovered
by the LLVM fuzzer.
+
+31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+ other kinds of group caused stack overflow at compile time. This bug was
+ discovered by the LLVM fuzzer.
Version 8.36 26-September-2014
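Review bot: the entry describes the symptom (compile-time stack overflow) but not the cause, which makes it hard to map this ChangeLog item to the one-line code change in pcre_compile.c. Consider adding a clause such as "because the recursion-check chain was not carried into nested groups" so that anyone auditing the 8.37 changes can see why passing `recurses` instead of `NULL` fixes it. It may also be worth stating that the overflow is reachable purely from pattern text, since that is the property that makes a compile-time crash a concern for callers compiling untrusted patterns.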
Modified: code/trunk/pcre_compile.c
===================================================================
--- code/trunk/pcre_compile.c 2015-03-27 16:44:50 UTC (rev 1536)
+++ code/trunk/pcre_compile.c 2015-03-27 17:48:28 UTC (rev 1537)
@@ -2497,8 +2497,8 @@
empty_branch = FALSE;
do
{
- if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd, NULL))
- empty_branch = TRUE;
+ if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd,
+ recurses)) empty_branch = TRUE;
code += GET(code, 1);
}
while (*code == OP_ALT);
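Review bot: the substantive fix is that the nested-group scan now threads `recurses` through instead of restarting with `NULL`, so a recursion already on the chain is recognised when it is reached again inside an inner group; with `NULL` the /((?2)+)((?1))/ case could re-enter the same pair of groups without bound. The hunk does not show the enclosing function's signature, so please confirm `recurses` is the recurse_check chain parameter of this function and not a stale local; if it is the parameter, the other call sites of could_be_empty_branch that still pass `NULL` should be checked for the same pattern of nested groups. Style: the wrapped line `recurses)) empty_branch = TRUE;` buries the statement on the continuation line of the condition; keeping `empty_branch = TRUE;` on its own line, as the removed lines had it, reads more clearly.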
Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2 2015-03-27 16:44:50 UTC (rev 1536)
+++ code/trunk/testdata/testinput2 2015-03-27 17:48:28 UTC (rev 1537)
@@ -4134,4 +4134,6 @@
bbb
aaa
+"((?2)+)((?1))"
+
/-- End of testinput2 --/
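Review bot: this is a compile-only regression test (no subject lines follow the pattern), which is appropriate since the bug was at compile time, but it exercises only one shape of "other kinds of group" around the mutual recursion, namely a `+` repeat. Since the ChangeLog entry claims the fix for nested groups generally, consider adding a second pattern that wraps the recursion in an alternation or a non-capturing group so the test covers the do/while over OP_ALT branches that the code change touches.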
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2 2015-03-27 16:44:50 UTC (rev 1536)
+++ code/trunk/testdata/testoutput2 2015-03-27 17:48:28 UTC (rev 1537)
@@ -14343,4 +14343,6 @@
aaa
No match
+"((?2)+)((?1))"
+
/-- End of testinput2 --/
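Review bot: the expected output records only the echoed pattern, so the test passes as long as compilation completes without an error message; that is the right check for a stack-overflow fix, but if a second nested-group variant is added to testinput2 its output line needs to be added here as well, otherwise the test run will report a diff.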