Revision: 1595
http://vcs.pcre.org/viewvc?view=rev&revision=1595
Author: zherczeg
Date: 2015-08-24 10:49:06 +0100 (Mon, 24 Aug 2015)
Log Message:
-----------
Fix two assertion fails in JIT found by Karl Skomski.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/pcre_jit_compile.c
code/trunk/testdata/testinput12
code/trunk/testdata/testinput6
code/trunk/testdata/testoutput12
code/trunk/testdata/testoutput6
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-08-21 16:08:33 UTC (rev 1594)
+++ code/trunk/ChangeLog 2015-08-24 09:49:06 UTC (rev 1595)
@@ -140,7 +140,10 @@
PCRE2 by refactoring the way references are handled. Wen Guanxing
from Venustech ADLAB discovered this bug.
+37. Fix two assertion fails in JIT. These issues were found by Karl Skomski
+ with a custom LLVM fuzzer.
+
Version 8.37 28-April-2015
--------------------------
Modified: code/trunk/pcre_jit_compile.c
===================================================================
--- code/trunk/pcre_jit_compile.c 2015-08-21 16:08:33 UTC (rev 1594)
+++ code/trunk/pcre_jit_compile.c 2015-08-24 09:49:06 UTC (rev 1595)
@@ -4931,9 +4931,10 @@
if (!check_class_ranges(common, (const pcre_uint8 *)cc, FALSE, TRUE, list))
{
#ifdef COMPILE_PCRE8
- SLJIT_ASSERT(common->utf);
+ jump = NULL;
+ if (common->utf)
#endif
- jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255);
+ jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255);
OP2(SLJIT_AND, TMP2, 0, TMP1, 0, SLJIT_IMM, 0x7);
OP2(SLJIT_LSHR, TMP1, 0, TMP1, 0, SLJIT_IMM, 3);
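Review bot: The `if (common->utf)` inside the `#ifdef COMPILE_PCRE8` block controls the `jump = CMP(...)` statement that sits outside the `#endif`, and the same construction recurs in the next hunk around `JUMPHERE(jump)`; a reader of the non-UTF 8-bit build sees what looks like an unconditional assignment and can easily miss that it is the body of a conditional. Wrapping the controlled statement in braces, or moving the whole assignment inside the `#ifdef` with an explicit `#else` branch, would make both configurations visible at a glance. A short comment next to `jump = NULL;` would also record why skipping the compare is safe, e.g. `/* In non-UTF 8-bit mode TMP1 presumably never exceeds 255, so no range check is emitted and jump stays NULL */` — that reading is inferred from the 255 comparison and should be confirmed against the surrounding code. The enclosing function starts and ends outside the hunk.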
@@ -4942,7 +4943,10 @@
OP2(SLJIT_AND | SLJIT_SET_E, SLJIT_UNUSED, 0, TMP1, 0, TMP2, 0);
add_jump(compiler, list, JUMP(SLJIT_NOT_ZERO));
- JUMPHERE(jump);
+#ifdef COMPILE_PCRE8
+ if (common->utf)
+#endif
+ JUMPHERE(jump);
}
OP1(SLJIT_MOV, TMP1, 0, TMP3, 0);
@@ -9660,7 +9664,7 @@
DEFINE_COMPILER;
pcre_uchar *cc = common->start + common->currententry->start;
pcre_uchar *ccbegin = cc + 1 + LINK_SIZE + (*cc == OP_BRA ? 0 : IMM2_SIZE);
-pcre_uchar *ccend = bracketend(cc);
+pcre_uchar *ccend = bracketend(cc) - (1 + LINK_SIZE);
BOOL needs_control_head;
int framesize = get_framesize(common, cc, NULL, TRUE, &needs_control_head);
int private_data_size = get_private_data_copy_length(common, ccbegin, ccend, needs_control_head);
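Review bot: The new `- (1 + LINK_SIZE)` on `ccend` is a bare numeric adjustment with no note on what it excludes from the range handed to `get_private_data_copy_length`; a comment on that line would help, e.g. `/* Stop before the closing bracket (one opcode plus its link) so it is not scanned as private data. */` — that reading is inferred from the `LINK_SIZE` term and should be confirmed. The `ccbegin` computation two lines above already skips `1 + LINK_SIZE` plus an optional `IMM2_SIZE` at the front, so a matching explanation for the trimmed end keeps the two bounds readable together. The enclosing function's signature and the rest of its body lie outside the hunk.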
Modified: code/trunk/testdata/testinput12
===================================================================
--- code/trunk/testdata/testinput12 2015-08-21 16:08:33 UTC (rev 1594)
+++ code/trunk/testdata/testinput12 2015-08-24 09:49:06 UTC (rev 1595)
@@ -99,4 +99,6 @@
/(?:|a|){100}x/S++
+/(x(?1)){4}/S++
+
/-- End of testinput12 --/
Modified: code/trunk/testdata/testinput6
===================================================================
--- code/trunk/testdata/testinput6 2015-08-21 16:08:33 UTC (rev 1594)
+++ code/trunk/testdata/testinput6 2015-08-24 09:49:06 UTC (rev 1595)
@@ -1502,4 +1502,7 @@
/\C\X*QT/8
Ӆ\x0aT
+/[\pS#moq]/
+ =
+
/-- End of testinput6 --/
Modified: code/trunk/testdata/testoutput12
===================================================================
--- code/trunk/testdata/testoutput12 2015-08-21 16:08:33 UTC (rev 1594)
+++ code/trunk/testdata/testoutput12 2015-08-24 09:49:06 UTC (rev 1595)
@@ -195,4 +195,6 @@
/(?:|a|){100}x/S++
+/(x(?1)){4}/S++
+
/-- End of testinput12 --/
Modified: code/trunk/testdata/testoutput6
===================================================================
--- code/trunk/testdata/testoutput6 2015-08-21 16:08:33 UTC (rev 1594)
+++ code/trunk/testdata/testoutput6 2015-08-24 09:49:06 UTC (rev 1595)
@@ -2469,4 +2469,8 @@
Ӆ\x0aT
No match
+/[\pS#moq]/
+ =
+ 0: =
+
/-- End of testinput6 --/