[Pcre-svn] [337] code/trunk: The JIT compiler did not restor…

Author: Subversion repository
Date:
To: pcre-svn
Subject: [Pcre-svn] [337] code/trunk: The JIT compiler did not restore the control verb head in case of *THEN control verbs.
Revision: 337
          http://www.exim.org/viewvc/pcre2?view=rev&revision=337
Author:   zherczeg
Date:     2015-08-08 06:45:17 +0100 (Sat, 08 Aug 2015)
Log Message:
-----------
The JIT compiler did not restore the control verb head in case of *THEN control verbs.


Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/src/pcre2_jit_compile.c
    code/trunk/testdata/testinput2
    code/trunk/testdata/testoutput2


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2015-08-05 17:35:36 UTC (rev 336)
+++ code/trunk/ChangeLog    2015-08-08 05:45:17 UTC (rev 337)
@@ -108,7 +108,10 @@
 28. If pcre2grep was given the -q option with -c or -l, or when handling a 
 binary file, it incorrectly wrote output to stdout.


+29. The JIT compiler did not restore the control verb head in case of *THEN
+control verbs. This issue was found by Karl Skomski with a custom LLVM fuzzer.

+
Version 10.20 30-June-2015
--------------------------


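Review bot: Item 29 names the internal cause (the control verb head not being restored for *THEN) but not what a user of JIT matching would observe, so a reader of the ChangeLog cannot tell whether they are affected. Add a clause stating the observable symptom, and consider pointing at the regression pattern added to testinput2, /0(?0)|(1)(*THEN)(*SKIP:0)(*FAIL)/.
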
Modified: code/trunk/src/pcre2_jit_compile.c
===================================================================
--- code/trunk/src/pcre2_jit_compile.c    2015-08-05 17:35:36 UTC (rev 336)
+++ code/trunk/src/pcre2_jit_compile.c    2015-08-08 05:45:17 UTC (rev 337)
@@ -1472,6 +1472,13 @@
     cc += 1 + LINK_SIZE + IMM2_SIZE;
     break;


+    case OP_THEN:
+    stack_restore = TRUE;
+    if (common->control_head_ptr != 0)
+      *needs_control_head = TRUE;
+    cc ++;
+    break;
+
     default:
     stack_restore = TRUE;
     /* Fall through. */


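Review bot: The new `case OP_THEN:` has no comment saying why a bare *THEN must set `*needs_control_head` when `common->control_head_ptr != 0`, which is the whole point of the fix according to the log message. A one-line comment there would keep the case from being folded back into `default:`, which it otherwise resembles (both set `stack_restore = TRUE`). The `cc ++` also hard-codes the opcode length as 1, unlike the `1 + LINK_SIZE + IMM2_SIZE` arithmetic just above it; a short note that OP_THEN carries no operands would make that self-evident.
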
Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2    2015-08-05 17:35:36 UTC (rev 336)
+++ code/trunk/testdata/testinput2    2015-08-08 05:45:17 UTC (rev 337)
@@ -4412,4 +4412,7 @@


/((?(R8000000000)))/

+/0(?0)|(1)(*THEN)(*SKIP:0)(*FAIL)/
+    01
+
 # End of testinput2 


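Review bot: The added pattern /0(?0)|(1)(*THEN)(*SKIP:0)(*FAIL)/ combines recursion, *THEN, *SKIP:0 and *FAIL with no comment tying it to ChangeLog item 29, so a later reader cannot tell which construct exercises the path being fixed. Add a `#` comment line above it naming the issue, and since the defect is in the JIT compiler, confirm that this file is actually run with JIT enabled in the test suite; otherwise the case passes without touching the changed code.
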
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2    2015-08-05 17:35:36 UTC (rev 336)
+++ code/trunk/testdata/testoutput2    2015-08-08 05:45:17 UTC (rev 337)
@@ -14667,4 +14667,8 @@
 /((?(R8000000000)))/
 Failed: error 161 at offset 16: number is too big


+/0(?0)|(1)(*THEN)(*SKIP:0)(*FAIL)/
+    01
+No match
+
 # End of testinput2