[Pcre-svn] [1546] code/trunk: Fix other cases of backtrackin…

Author: Subversion repository
Date:  
To: pcre-svn
Subject: [Pcre-svn] [1546] code/trunk: Fix other cases of backtracking crashes after \C in UTF mode.
Revision: 1546
          http://vcs.pcre.org/viewvc?view=rev&revision=1546
Author:   ph10
Date:     2015-04-08 17:56:28 +0100 (Wed, 08 Apr 2015)


Log Message:
-----------
Fix other cases of backtracking crashes after \C in UTF mode.

Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/pcre_exec.c
    code/trunk/testdata/testinput4
    code/trunk/testdata/testoutput4


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2015-04-08 16:34:24 UTC (rev 1545)
+++ code/trunk/ChangeLog    2015-04-08 16:56:28 UTC (rev 1546)
@@ -154,7 +154,8 @@
 38. If a greedy quantified \X was preceded by \C in UTF mode (e.g. \C\X*),
     and a subsequent item in the pattern caused a non-match, backtracking over
     the repeated \X did not stop, but carried on past the start of the subject,
-    causing reference to random memory and/or a segfault.  This bug was
+    causing reference to random memory and/or a segfault. There were also some 
+    other cases where backtracking after \C could crash. This set of bugs was
     discovered by the LLVM fuzzer.
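Review bot: The first added line ends with a trailing space after "some", which should be dropped. The new sentence "other cases where backtracking after \C could crash" also does not say which repeated items are affected; item 38 names \X explicitly, so listing the other item types fixed here would let users judge whether their own patterns were exposed.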




Modified: code/trunk/pcre_exec.c
===================================================================
--- code/trunk/pcre_exec.c    2015-04-08 16:34:24 UTC (rev 1545)
+++ code/trunk/pcre_exec.c    2015-04-08 16:56:28 UTC (rev 1546)
@@ -3483,7 +3483,7 @@
           if (possessive) continue;    /* No backtracking */
           for(;;)
             {
-            if (eptr == pp) goto TAIL_RECURSE;
+            if (eptr <= pp) goto TAIL_RECURSE;
             RMATCH(eptr, ecode, offset_top, md, eptrb, RM23);
             if (rrc != MATCH_NOMATCH) RRETURN(rrc);
 #ifdef SUPPORT_UCP
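Review bot: The changed test `if (eptr <= pp) goto TAIL_RECURSE;` carries no comment saying how eptr can end up below pp, so a later reader could take `<=` for a typo and tighten it back to `==`. A one-line comment above the test, stating that after \C in UTF mode the backward step can pass pp, would record the reason at the point where it matters.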
@@ -3904,7 +3904,7 @@
           if (possessive) continue;    /* No backtracking */
           for(;;)
             {
-            if (eptr == pp) goto TAIL_RECURSE;
+            if (eptr <= pp) goto TAIL_RECURSE;
             RMATCH(eptr, ecode, offset_top, md, eptrb, RM30);
             if (rrc != MATCH_NOMATCH) RRETURN(rrc);
             eptr--;
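Review bot: The `eptr <= pp` test runs only at the top of the next iteration, after `eptr--` and whatever follows it have already moved the pointer, so it stops the loop but does not prevent the overshoot. The old `==` test could only be missed if code after `eptr--` moves eptr further back, and that code is outside the visible context. If pp is the start of the subject, eptr is by then already out of bounds, so it would be safer to bound the backward step itself against pp as well as relaxing the comparison here.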
@@ -4039,7 +4039,7 @@
           if (possessive) continue;    /* No backtracking */
           for(;;)
             {
-            if (eptr == pp) goto TAIL_RECURSE;
+            if (eptr <= pp) goto TAIL_RECURSE;
             RMATCH(eptr, ecode, offset_top, md, eptrb, RM34);
             if (rrc != MATCH_NOMATCH) RRETURN(rrc);
             eptr--;
@@ -5610,7 +5610,7 @@
         if (possessive) continue;    /* No backtracking */
         for(;;)
           {
-          if (eptr == pp) goto TAIL_RECURSE;
+          if (eptr <= pp) goto TAIL_RECURSE;
           RMATCH(eptr, ecode, offset_top, md, eptrb, RM44);
           if (rrc != MATCH_NOMATCH) RRETURN(rrc);
           eptr--;
@@ -5930,7 +5930,7 @@
         if (possessive) continue;    /* No backtracking */
         for(;;)
           {
-          if (eptr == pp) goto TAIL_RECURSE;
+          if (eptr <= pp) goto TAIL_RECURSE;
           RMATCH(eptr, ecode, offset_top, md, eptrb, RM46);
           if (rrc != MATCH_NOMATCH) RRETURN(rrc);
           eptr--;
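Review bot: This is the fifth copy of the same one-token change (RM23, RM30, RM34, RM44 and RM46 all now read `if (eptr <= pp) goto TAIL_RECURSE;`), and keeping five hand-edited copies in step invites one being missed next time. Consider putting the bound check in a single macro used by every backtracking loop, and confirm that no other loop in pcre_exec.c still tests `eptr == pp`.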


Modified: code/trunk/testdata/testinput4
===================================================================
--- code/trunk/testdata/testinput4    2015-04-08 16:34:24 UTC (rev 1545)
+++ code/trunk/testdata/testinput4    2015-04-08 16:56:28 UTC (rev 1546)
@@ -727,4 +727,7 @@
 /\C\X*QT/8
     Ӆ\x0aT


+/\C(\W?ſ)'?{{/8
+    \\C(\\W?ſ)'?{{
+
 /-- End of testinput4 --/
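Review bot: Only one pattern is added here, while pcre_exec.c changes five separate loops (RM23, RM30, RM34, RM44, RM46), so most of the changed tests are likely not exercised by the suite. Adding one pattern and subject per changed loop, each targeting the repeated item that loop handles, would keep every site covered against regression.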


Modified: code/trunk/testdata/testoutput4
===================================================================
--- code/trunk/testdata/testoutput4    2015-04-08 16:34:24 UTC (rev 1545)
+++ code/trunk/testdata/testoutput4    2015-04-08 16:56:28 UTC (rev 1546)
@@ -1277,4 +1277,8 @@
     Ӆ\x0aT
 No match


+/\C(\W?ſ)'?{{/8
+    \\C(\\W?ſ)'?{{
+No match
+
 /-- End of testinput4 --/
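Review bot: The expected result for the new pattern is just "No match", which the unfixed code could also produce whenever the stray read happened to land in mapped memory (the ChangeLog describes "reference to random memory and/or a segfault"). The case is a dependable regression test only when the suite runs under a memory checker such as valgrind or AddressSanitizer, and it would help to say so next to the test.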