Revision: 615
http://www.exim.org/viewvc/pcre2?view=rev&revision=615
Author: ph10
Date: 2016-12-09 16:57:51 +0000 (Fri, 09 Dec 2016)
Log Message:
-----------
Fix NULL defer in extended substition for \p, \P, or \X.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_compile.c
code/trunk/testdata/testinput2
code/trunk/testdata/testoutput2
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2016-12-09 14:22:11 UTC (rev 614)
+++ code/trunk/ChangeLog 2016-12-09 16:57:51 UTC (rev 615)
@@ -204,7 +204,11 @@
31. Fix a bug in pcre2test that caused a crash when a locale was set either in
the current pattern or a previous one and a wide character was matched.
+32. The appearance of \p, \P, or \X in a substitution string when
+PCRE2_SUBSTITUTE_EXTENDED was set caused a segmentation fault (NULL
+dereference).
+
Version 10.22 29-July-2016
--------------------------
Modified: code/trunk/src/pcre2_compile.c
===================================================================
--- code/trunk/src/pcre2_compile.c 2016-12-09 14:22:11 UTC (rev 614)
+++ code/trunk/src/pcre2_compile.c 2016-12-09 16:57:51 UTC (rev 615)
@@ -1352,10 +1352,10 @@
final code unit of the escape sequence.
This function is also called from pcre2_substitute() to handle escape sequences
-in replacement strings. In this case, the cb argument is NULL, and only
-sequences that define a data character are recognised. The isclass argument is
-not relevant, but the options argument is the final value of the compiled
-pattern's options.
+in replacement strings. In this case, the cb argument is NULL, and in the case
+of escapes that have further processing, only sequences that define a data
+character are recognised. The isclass argument is not relevant; the options
+argument is the final value of the compiled pattern's options.
Arguments:
ptrptr points to the input position pointer
@@ -1405,7 +1405,7 @@
if (i > 0) c = (uint32_t)i; else /* Positive is a data character */
{
escape = -i; /* Else return a special escape */
- if (escape == ESC_P || escape == ESC_p || escape == ESC_X)
+ if (cb != NULL && (escape == ESC_P || escape == ESC_p || escape == ESC_X))
cb->external_flags |= PCRE2_HASBKPORX; /* Note \P, \p, or \X */
}
}
Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2 2016-12-09 14:22:11 UTC (rev 614)
+++ code/trunk/testdata/testinput2 2016-12-09 16:57:51 UTC (rev 615)
@@ -4925,4 +4925,7 @@
/./newline=crlf
\=ph
+/(\x0e00\000000\xc)/replace=\P,substitute_extended
+\x0e00\000000\xc
+
# End of testinput2
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2 2016-12-09 14:22:11 UTC (rev 614)
+++ code/trunk/testdata/testoutput2 2016-12-09 16:57:51 UTC (rev 615)
@@ -15378,6 +15378,10 @@
\=ph
No match
+/(\x0e00\000000\xc)/replace=\P,substitute_extended
+\x0e00\000000\xc
+Failed: error -57 at offset 2 in replacement: bad escape sequence in replacement string
+
# End of testinput2
Error -63: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data
