Revision: 659
http://www.exim.org/viewvc/pcre2?view=rev&revision=659
Author: ph10
Date: 2017-02-08 17:03:30 +0000 (Wed, 08 Feb 2017)
Log Message:
-----------
Reduce recursion limit for auto-possessify to reduce stack usage at compile
time. Fixes oss-fuzz issue 553.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_auto_possess.c
code/trunk/testdata/testinput1
code/trunk/testdata/testoutput1
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2017-02-04 16:27:20 UTC (rev 658)
+++ code/trunk/ChangeLog 2017-02-08 17:03:30 UTC (rev 659)
@@ -338,6 +338,10 @@
* LC_ALL was displayed as "LCC_ALL";
* numbers 11, 12 & 13 should end in "th";
* use double quotes in usage message.
+
+53. When autopossessifying, skip empty branches without recursion, to reduce
+stack usage for the benefit of clang with -fsanitize-address, which uses huge
+stack frames. Example pattern: /X?(R||){3335}/. Fixes oss-fuzz issue 553.
Version 10.22 29-July-2016
Modified: code/trunk/src/pcre2_auto_possess.c
===================================================================
--- code/trunk/src/pcre2_auto_possess.c 2017-02-04 16:27:20 UTC (rev 658)
+++ code/trunk/src/pcre2_auto_possess.c 2017-02-08 17:03:30 UTC (rev 659)
@@ -589,6 +589,7 @@
case OP_ASSERTBACK_NOT:
case OP_ONCE:
case OP_ONCE_NC:
+
/* Atomic sub-patterns and assertions can always auto-possessify their
last iterator. However, if the group was entered as a result of checking
a previous iterator, this is not possible. */
@@ -606,6 +607,9 @@
next_code = code + GET(code, 1);
code += PRIV(OP_lengths)[c];
+ /* Check each branch. We have to recurse a level for all but the last
+ branch. */
+
while (*next_code == OP_ALT)
{
if (!compare_opcodes(code, utf, cb, base_list, base_end, rec_limit))
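Review bot: The comment added above `while (*next_code == OP_ALT)` says every branch except the last is checked by recursing, but ChangeLog entry 53 in this same commit says empty branches are skipped without recursion, and no such skip is visible in this hunk. One of the two descriptions appears to be out of date. If the only functional change is the lowered limit, the ChangeLog entry should say that instead, for example `53. When autopossessifying, reduce the recursion limit from 10000 to 1000 to reduce stack usage ...`. The loop body continues outside the hunk, so a skip may exist below the visible lines; if it does, this new comment should mention it.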
@@ -1067,7 +1071,7 @@
PCRE2_SPTR end;
PCRE2_UCHAR *repeat_opcode;
uint32_t list[8];
-int rec_limit = 10000;
+int rec_limit = 1000; /* Was 10,000 but clang+ASAN uses a lot of stack. */
for (;;)
{
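Review bot: The new bound `int rec_limit = 1000;` is a bare literal tuned to one toolchain's frame size (the trailing comment names clang+ASAN), so the stack actually consumed when compiling an untrusted pattern still depends on how the library is built. A named constant would make the bound easier to find and tune; using a proposed name, `#define AUTO_POSSESS_REC_LIMIT 1000` beside the file's other definitions and `int rec_limit = AUTO_POSSESS_REC_LIMIT;` here. The comment should also say what happens when the limit is reached, presumably that the iterator is simply left non-possessive, since that is not visible in this hunk. The function starts and ends outside the hunk.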
Modified: code/trunk/testdata/testinput1
===================================================================
--- code/trunk/testdata/testinput1 2017-02-04 16:27:20 UTC (rev 658)
+++ code/trunk/testdata/testinput1 2017-02-08 17:03:30 UTC (rev 659)
@@ -5826,4 +5826,9 @@
/[s[:digit:]\Q\E-H]+/
s09-H
+/a+(?:|b)a/
+ aaaa
+
+/X?(R||){3335}/
+
# End of testinput1
Modified: code/trunk/testdata/testoutput1
===================================================================
--- code/trunk/testdata/testoutput1 2017-02-04 16:27:20 UTC (rev 658)
+++ code/trunk/testdata/testoutput1 2017-02-08 17:03:30 UTC (rev 659)
@@ -9305,4 +9305,10 @@
s09-H
0: s09-H
+/a+(?:|b)a/
+ aaaa
+ 0: aaaa
+
+/X?(R||){3335}/
+
# End of testinput1