Revision: 1590
http://vcs.pcre.org/viewvc?view=rev&revision=1590
Author: ph10
Date: 2015-08-10 15:38:34 +0100 (Mon, 10 Aug 2015)
Log Message:
-----------
Add an internal error if handling forward referencing recursion calls has gone
wrong.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/pcre_compile.c
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-08-10 14:19:06 UTC (rev 1589)
+++ code/trunk/ChangeLog 2015-08-10 14:38:34 UTC (rev 1590)
@@ -120,6 +120,11 @@
31. Added a check for integer overflow in conditions (?(<digits>) and
(?(R<digits>). This omission was discovered by Karl Skomski with the LLVM
fuzzer.
+
+32. Handling recursive references such as (?2) when the reference is to a group
+ later in the pattern uses code that is very hacked about and error-prone.
+ It has been re-written for PCRE2. Here in PCRE1, a check has been added to
+ give an internal error if it is obvious that compiling has gone wrong.
Version 8.37 28-April-2015
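Review bot: entry 32 does not say which error the user will actually see. Someone who hits the new check will search the ChangeLog for the message text or the number, so the entry should name it, for example by quoting "internal error: invalid forward reference offset" and noting that it reuses error 10. The phrase "if it is obvious that compiling has gone wrong" could also state what is checked (the saved offset must point just past an OP_RECURSE opcode), so readers know the check is a sanity test and not a fix for the underlying forward-reference handling.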
Modified: code/trunk/pcre_compile.c
===================================================================
--- code/trunk/pcre_compile.c 2015-08-10 14:19:06 UTC (rev 1589)
+++ code/trunk/pcre_compile.c 2015-08-10 14:38:34 UTC (rev 1590)
@@ -464,7 +464,7 @@
"range out of order in character class\0"
"nothing to repeat\0"
/* 10 */
- "operand of unlimited repeat could match the empty string\0" /** DEAD **/
+ "internal error: invalid forward reference offset\0"
"internal error: unexpected repeat\0"
"unrecognized character after (? or (?-\0"
"POSIX named classes are supported only within a class\0"
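Review bot: replacing the string under /* 10 */ gives error 10 a new meaning while its number stays the same, and nothing else in this commit records that. The removed line was marked /** DEAD **/, so no compile path produced the old text, but the commit touches only ChangeLog and pcre_compile.c; any documentation or expected test output that lists the text for error 10 should be updated in the same change. Replacing in place keeps this \0-separated table aligned with the ERR numbering, which is the right approach; a brief comment on the new line saying it took over a dead slot would keep the next editor from treating it as an ordinary insertion.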
@@ -9434,6 +9434,16 @@
int offset, recno;
cd->hwm -= LINK_SIZE;
offset = GET(cd->hwm, 0);
+
+ /* Check that the hwm handling hasn't gone wrong. This whole area is
+ rewritten in PCRE2 because there are some obscure cases. */
+
+ if (offset == 0 || codestart[offset-1] != OP_RECURSE)
+ {
+ errorcode = ERR10;
+ break;
+ }
+
recno = GET(codestart, offset);
if (recno != prev_recno)
{
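Review bot: the guard "if (offset == 0 || codestart[offset-1] != OP_RECURSE)" validates only one edge of offset before using it as an index. offset is a signed int taken directly from GET(cd->hwm, 0), and this check exists for the case where that stored value is wrong, so codestart[offset-1] can itself read outside the compiled code when the value is past the end. Suggest testing offset <= 0 and comparing offset against the current length of the compiled code before the codestart[offset-1] read. Also note that a one-byte comparison with OP_RECURSE can match a data byte by coincidence, so this catches only obvious corruption; the comment should say so. Finally, the hunk does not show what follows the loop that "break" leaves, so confirm that errorcode is tested there before the partially fixed-up code is used.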