[Pcre-svn] [308] code/trunk: Fix bad processing of (?x)(*MAR…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Author: Subversion repository
Date:  
To: pcre-svn
Subject: [Pcre-svn] [308] code/trunk: Fix bad processing of (?x)(*MARK) within another group.
Revision: 308
          http://www.exim.org/viewvc/pcre2?view=rev&revision=308
Author:   ph10
Date:     2015-07-15 10:34:04 +0100 (Wed, 15 Jul 2015)
Log Message:
-----------
Fix bad processing of (?x)(*MARK) within another group.


Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/src/pcre2_compile.c
    code/trunk/testdata/testinput2
    code/trunk/testdata/testoutput2


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2015-07-15 09:08:12 UTC (rev 307)
+++ code/trunk/ChangeLog    2015-07-15 09:34:04 UTC (rev 308)
@@ -18,7 +18,14 @@
 processing them could involve a buffer overflow if the following character was 
 an opening parenthesis.


+6. Change 36 for 10.20 also introduced a bug in processing this pattern:
+/((?x)(*:0))#(?'/. Specifically: if a setting of (?x) was followed by a (*MARK)
+setting (which (*:0) is), then (?x) did not get unset at the end of its group
+during the scan for named groups, and hence the external # was incorrectly
+treated as a comment and the invalid (?' at the end of the pattern was not
+diagnosed. This caused a buffer overflow during the real compile.

+
Version 10.20 30-June-2015
-------------------------- 


Modified: code/trunk/src/pcre2_compile.c
===================================================================
--- code/trunk/src/pcre2_compile.c    2015-07-15 09:08:12 UTC (rev 307)
+++ code/trunk/src/pcre2_compile.c    2015-07-15 09:34:04 UTC (rev 308)
@@ -3334,6 +3334,7 @@
         {
         ptr += 2;
         while (ptr < cb->end_pattern && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
+        nest_depth--;
         }
       }



Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2    2015-07-15 09:08:12 UTC (rev 307)
+++ code/trunk/testdata/testinput2    2015-07-15 09:34:04 UTC (rev 308)
@@ -4329,4 +4329,6 @@


/[[:>:]](?<)/

+/((?x)(*:0))#(?'/
+
# End of testinput2 

Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2    2015-07-15 09:08:12 UTC (rev 307)
+++ code/trunk/testdata/testoutput2    2015-07-15 09:34:04 UTC (rev 308)
@@ -14473,4 +14473,7 @@
 /[[:>:]](?<)/
 Failed: error 124 at offset 10: unrecognized character after (?<


+/((?x)(*:0))#(?'/
+Failed: error 124 at offset 15: unrecognized character after (?<
+
# End of testinput2
This message was posted to the following mailing lists:
Pcre-svn
Mailing List Info | Nearby Messages		<-[Pcre-svn] [307] code/trunk: Fix [[:>:]] when followed by parenthesis buffer overflow.[Pcre-svn] [309] code/trunk: Move pcre2_find_bracket() into its own module to avoid circular dependency.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)