Revision: 343
http://www.exim.org/viewvc/pcre2?view=rev&revision=343
Author: zherczeg
Date: 2015-08-11 06:30:10 +0100 (Tue, 11 Aug 2015)
Log Message:
-----------
The JIT compiler should not check repeats after a {0,1} repeat byte code.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_jit_compile.c
code/trunk/testdata/testinput2
code/trunk/testdata/testoutput2
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-08-10 16:34:17 UTC (rev 342)
+++ code/trunk/ChangeLog 2015-08-11 05:30:10 UTC (rev 343)
@@ -133,7 +133,10 @@
35. Error messages for syntax errors in *LIMIT_MATCH and *LIMIT_RECURSION now
give the right offset instead of zero.
+36. The JIT compiler should not check repeats after a {0,1} repeat byte code.
+This issue was found by Karl Skomski with a custom LLVM fuzzer.
+
Version 10.20 30-June-2015
--------------------------
Modified: code/trunk/src/pcre2_jit_compile.c
===================================================================
--- code/trunk/src/pcre2_jit_compile.c 2015-08-10 16:34:17 UTC (rev 342)
+++ code/trunk/src/pcre2_jit_compile.c 2015-08-11 05:30:10 UTC (rev 343)
@@ -1281,6 +1281,7 @@
PCRE2_SPTR end = NULL;
int private_data_ptr = *private_data_start;
int space, size, bracketlen;
+BOOL repeat_check = TRUE;
while (cc < ccend)
{
@@ -1290,7 +1291,8 @@
if (private_data_ptr > SLJIT_MAX_LOCAL_SIZE)
break;
- if (*cc == OP_ONCE || *cc == OP_ONCE_NC || *cc == OP_BRA || *cc == OP_CBRA || *cc == OP_COND)
+ if (repeat_check && (*cc == OP_ONCE || *cc == OP_ONCE_NC || *cc == OP_BRA || *cc == OP_CBRA || *cc == OP_COND))
+ {
if (detect_repeat(common, cc))
{
/* These brackets are converted to repeats, so no global
@@ -1298,6 +1300,8 @@
if (cc >= end)
end = bracketend(cc);
}
+ }
+ repeat_check = TRUE;
switch(*cc)
{
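Review bot: `repeat_check` is reset to TRUE unconditionally before the `switch`, so the suppression added here lasts for exactly one opcode after the `OP_BRAZERO`/`OP_BRAMINZERO`/`OP_BRAPOSZERO` cases in the third hunk; this is only correct because those opcodes are always immediately followed by the bracket they qualify, and nothing in the loop states or checks that invariant. A one-line comment on the new `if (repeat_check && ...)` condition would keep the reasoning with the code: `/* A bracket directly after OP_BRAZERO/OP_BRAMINZERO/OP_BRAPOSZERO already carries its {0,1} repeat; detect_repeat() must not fold it into another repeat. */`. Since the original mis-analysis was found by fuzzing rather than by inspection, the assumption could also be pinned with an `SLJIT_ASSERT` that `*cc` is a bracket opcode whenever `repeat_check` is FALSE. The third hunk's `size = 1;` presumably relies on the loop advancing `cc` by `size` after the switch, as the neighbouring cases do; that code is outside the hunk, and the enclosing function starts and ends outside all three hunks.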
@@ -1353,6 +1357,13 @@
bracketlen = 1 + LINK_SIZE + IMM2_SIZE;
break;
+ case OP_BRAZERO:
+ case OP_BRAMINZERO:
+ case OP_BRAPOSZERO:
+ repeat_check = FALSE;
+ size = 1;
+ break;
+
CASE_ITERATOR_PRIVATE_DATA_1
space = 1;
size = -2;
Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2 2015-08-10 16:34:17 UTC (rev 342)
+++ code/trunk/testdata/testinput2 2015-08-11 05:30:10 UTC (rev 343)
@@ -4403,4 +4403,6 @@
/(*CRLF)(*LIMIT_MATCH=)abc/
+/(?:ab)?(?:ab)(?:ab)/
+
# End of testinput2
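Review bot: The new pattern `/(?:ab)?(?:ab)(?:ab)/` is added without any subject lines, so, as the matching testoutput2 hunk shows by echoing only the pattern, the test checks that the JIT compiler survives compiling this input but not that the generated code matches correctly after the changed repeat analysis. Adding subjects such as `    ababab` and `    abab` (with the corresponding expected output in testoutput2) would also pin the match behaviour of a {0,1}-repeated bracket followed by repeated brackets, which is the case the fix changes.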
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2 2015-08-10 16:34:17 UTC (rev 342)
+++ code/trunk/testdata/testoutput2 2015-08-11 05:30:10 UTC (rev 343)
@@ -14657,4 +14657,6 @@
/(*CRLF)(*LIMIT_MATCH=)abc/
Failed: error 160 at offset 21: (*VERB) not recognized or malformed
+/(?:ab)?(?:ab)(?:ab)/
+
# End of testinput2