Revision: 323
http://www.exim.org/viewvc/pcre2?view=rev&revision=323
Author: ph10
Date: 2015-07-22 10:01:50 +0100 (Wed, 22 Jul 2015)
Log Message:
-----------
Fix incorrect compilation for repeated conditionals with only one branch.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_compile.c
code/trunk/testdata/testinput2
code/trunk/testdata/testoutput2
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-07-22 06:42:58 UTC (rev 322)
+++ code/trunk/ChangeLog 2015-07-22 09:01:50 UTC (rev 323)
@@ -66,7 +66,10 @@
being diagnosed, possibly leading to a buffer overflow. This bug was found by
the LLVM fuzzer.
+18. A conditional group with only one branch has an implicit empty alternative
+branch and must therefore be treated as potentially matching an empty string.
+
Version 10.20 30-June-2015
--------------------------
Modified: code/trunk/src/pcre2_compile.c
===================================================================
--- code/trunk/src/pcre2_compile.c 2015-07-22 06:42:58 UTC (rev 322)
+++ code/trunk/src/pcre2_compile.c 2015-07-22 09:01:50 UTC (rev 323)
@@ -5324,6 +5324,12 @@
scode += GET(scode, 1);
}
while (*scode == OP_ALT);
+
+ /* A conditional group with only one branch has an implicit empty
+ alternative branch. */
+
+ if (*bracode == OP_COND && bracode[GET(bracode,1)] != OP_ALT)
+ *bracode = OP_SCOND;
}
/* Handle possessive quantifiers. */
Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2 2015-07-22 06:42:58 UTC (rev 322)
+++ code/trunk/testdata/testinput2 2015-07-22 09:01:50 UTC (rev 323)
@@ -4352,4 +4352,6 @@
"[[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[:::::::::::::::::[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[[[:::E[[[:[:[[:[:::[[:::E[[[:[:[[:'[:::::E[[[:[::::::[[[:[[[[[[[::E[[[:[::::::[[[:[[[[[[[[:[[::[::::[[:::::::[[:[[[[[[[:[[::[:[[:[~"
+/()(?(R)0)*+/B
+
# End of testinput2
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2 2015-07-22 06:42:58 UTC (rev 322)
+++ code/trunk/testdata/testoutput2 2015-07-22 09:01:50 UTC (rev 323)
@@ -14537,4 +14537,20 @@
"[[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[:::::::::::::::::[[.\xe8Nq\xffq\xff\xe0\x2|||::Nq\xffq\xff\xe0\x6\x2|||::[[[:[::::::[[[[[::::::::[:[[[:[:::[[[[[[[[[[[[[[:::E[[[:[:[[:[:::[[:::E[[[:[:[[:'[:::::E[[[:[::::::[[[:[[[[[[[::E[[[:[::::::[[[:[[[[[[[[:[[::[::::[[:::::::[[:[[[[[[[:[[::[:[[:[~"
Failed: error 106 at offset 353: missing terminating ] for character class
+/()(?(R)0)*+/B
+------------------------------------------------------------------
+ Bra
+ CBra 1
+ Ket
+ Braposzero
+ SBraPos
+ SCond
+ Cond recurse any
+ 0
+ Ket
+ KetRpos
+ Ket
+ End
+------------------------------------------------------------------
+
# End of testinput2
