Revision: 352
http://www.exim.org/viewvc/pcre2?view=rev&revision=352
Author: zherczeg
Date: 2015-08-24 10:25:04 +0100 (Mon, 24 Aug 2015)
Log Message:
-----------
Fix two assertion fails in JIT found by Karl Skomski.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_jit_compile.c
code/trunk/testdata/testinput17
code/trunk/testdata/testinput5
code/trunk/testdata/testoutput17
code/trunk/testdata/testoutput5
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-08-23 09:47:08 UTC (rev 351)
+++ code/trunk/ChangeLog 2015-08-24 09:25:04 UTC (rev 352)
@@ -151,7 +151,10 @@
41. Improve first character match in JIT with SSE2 on x86.
+42. Fix two assertion fails in JIT. These issues were found by Karl Skomski
+with a custom LLVM fuzzer.
+
Version 10.20 30-June-2015
--------------------------
Modified: code/trunk/src/pcre2_jit_compile.c
===================================================================
--- code/trunk/src/pcre2_jit_compile.c 2015-08-23 09:47:08 UTC (rev 351)
+++ code/trunk/src/pcre2_jit_compile.c 2015-08-24 09:25:04 UTC (rev 352)
@@ -5457,6 +5457,7 @@
cc++;
ccbegin = cc;
compares = 0;
+
if (cc[-1] & XCL_MAP)
{
min = 0;
@@ -5596,9 +5597,10 @@
if (!check_class_ranges(common, (const sljit_ub *)cc, FALSE, TRUE, list))
{
#if PCRE2_CODE_UNIT_WIDTH == 8
- SLJIT_ASSERT(common->utf);
+ jump = NULL;
+ if (common->utf)
#endif
- jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255);
+ jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255);
OP2(SLJIT_AND, TMP2, 0, TMP1, 0, SLJIT_IMM, 0x7);
OP2(SLJIT_LSHR, TMP1, 0, TMP1, 0, SLJIT_IMM, 3);
@@ -5607,7 +5609,10 @@
OP2(SLJIT_AND | SLJIT_SET_E, SLJIT_UNUSED, 0, TMP1, 0, TMP2, 0);
add_jump(compiler, list, JUMP(SLJIT_NOT_ZERO));
- JUMPHERE(jump);
+#if PCRE2_CODE_UNIT_WIDTH == 8
+ if (common->utf)
+#endif
+ JUMPHERE(jump);
}
OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
@@ -10657,7 +10662,7 @@
DEFINE_COMPILER;
PCRE2_SPTR cc = common->start + common->currententry->start;
PCRE2_SPTR ccbegin = cc + 1 + LINK_SIZE + (*cc == OP_BRA ? 0 : IMM2_SIZE);
-PCRE2_SPTR ccend = bracketend(cc);
+PCRE2_SPTR ccend = bracketend(cc) - (1 + LINK_SIZE);
BOOL needs_control_head;
int framesize = get_framesize(common, cc, NULL, TRUE, &needs_control_head);
int private_data_size = get_private_data_copy_length(common, ccbegin, ccend, needs_control_head);
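Review bot: The two `if (common->utf)` headers introduced in the hunks at @@ -5596 and @@ -5607 are wrapped in `#if PCRE2_CODE_UNIT_WIDTH == 8` without braces, so the statement that follows each one is conditional in 8-bit builds and unconditional on other widths; anyone later adding a second statement after either header silently changes the non-UTF path, and the second one only works if `JUMPHERE` expands to a single statement. A plainer form braces the CMP under the 8-bit branch with a comment such as `/* Without UTF an 8-bit code unit cannot exceed 255, so the range check is unnecessary. */` and replaces the second preprocessor block with `if (jump != NULL) JUMPHERE(jump);`, which holds on every width because outside the 8-bit build `jump` is always assigned by CMP (the original unconditional JUMPHERE already relied on that result being usable). The enclosing function starts and ends outside these hunks.
```c
if (!check_class_ranges(common, (const sljit_ub *)cc, FALSE, TRUE, list))
  {
#if PCRE2_CODE_UNIT_WIDTH == 8
  /* Without UTF an 8-bit code unit cannot exceed 255, so the range check is unnecessary. */
  jump = NULL;
  if (common->utf)
    {
    jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255);
    }
#else
  jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255);
#endif
  /* ... unchanged: bitmap lookup and add_jump ... */
  if (jump != NULL)
    JUMPHERE(jump);
  }
```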
Modified: code/trunk/testdata/testinput17
===================================================================
--- code/trunk/testdata/testinput17 2015-08-23 09:47:08 UTC (rev 351)
+++ code/trunk/testdata/testinput17 2015-08-24 09:25:04 UTC (rev 352)
@@ -247,4 +247,6 @@
/[^\xff]((?1))/BI
abcd
+/(x(?1)){4}/
+
# End of testinput17
Modified: code/trunk/testdata/testinput5
===================================================================
--- code/trunk/testdata/testinput5 2015-08-23 09:47:08 UTC (rev 351)
+++ code/trunk/testdata/testinput5 2015-08-24 09:25:04 UTC (rev 352)
@@ -1662,4 +1662,7 @@
/\C(\W?ſ)'?{{/utf
\\C(\\W?ſ)'?{{
+/[\pS#moq]/
+ =
+
# End of testinput5
Modified: code/trunk/testdata/testoutput17
===================================================================
--- code/trunk/testdata/testoutput17 2015-08-23 09:47:08 UTC (rev 351)
+++ code/trunk/testdata/testoutput17 2015-08-24 09:25:04 UTC (rev 352)
@@ -481,4 +481,6 @@
abcd
Failed: error -46: JIT stack limit reached
+/(x(?1)){4}/
+
# End of testinput17
Modified: code/trunk/testdata/testoutput5
===================================================================
--- code/trunk/testdata/testoutput5 2015-08-23 09:47:08 UTC (rev 351)
+++ code/trunk/testdata/testoutput5 2015-08-24 09:25:04 UTC (rev 352)
@@ -4063,4 +4063,8 @@
\\C(\\W?ſ)'?{{
No match
+/[\pS#moq]/
+ =
+ 0: =
+
# End of testinput5