Revision: 777
http://www.exim.org/viewvc/pcre2?view=rev&revision=777
Author: ph10
Date: 2017-05-10 17:44:33 +0100 (Wed, 10 May 2017)
Log Message:
-----------
Refactor to avoid picky compiler warnings. Fixes oss-fuzz issue 1454.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_match.c
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2017-05-10 15:42:13 UTC (rev 776)
+++ code/trunk/ChangeLog 2017-05-10 16:44:33 UTC (rev 777)
@@ -35,6 +35,10 @@
happening if the assertion matched via (*ACCEPT).
(e) Mark values were not being passed out of recursions.
+
+ (f) Refactor some code in do_callout() to avoid picky compiler warnings about
+ negative indices. Fixes oss-fuzz issue 1454.
+
2. Now that pcre2_match() no longer uses recursive function calls (see above),
the "match limit recursion" value seems misnamed. It still exists, and limits
@@ -157,6 +161,7 @@
pcre2test, a crash could occur.
+
Version 10.23 14-February-2017
------------------------------
Modified: code/trunk/src/pcre2_match.c
===================================================================
--- code/trunk/src/pcre2_match.c 2017-05-10 15:42:13 UTC (rev 776)
+++ code/trunk/src/pcre2_match.c 2017-05-10 16:44:33 UTC (rev 777)
@@ -263,18 +263,32 @@
static int
do_callout(heapframe *F, match_block *mb, PCRE2_SIZE *lengthptr)
{
+int rc;
PCRE2_SIZE save0, save1;
+PCRE2_SIZE *callout_ovector;
pcre2_callout_block cb;
-int rc;
*lengthptr = (*Fecode == OP_CALLOUT)?
PRIV(OP_lengths)[OP_CALLOUT] : GET(Fecode, 1 + 2*LINK_SIZE);
+
+if (mb->callout == NULL) return 0; /* No callout function provided */
-if (mb->callout == NULL) return 0; /* No callout function provided */
+/* The original matching code (pre 10.30) worked directly with the ovector
+passed by the user, and this was passed to callouts. Now that the working
+ovector is in the backtracking frame, it no longer needs to reserve space for
+the overall match offsets (which would waste space in the frame). For backward
+compatibility, however, we pass capture_top and offset_vector to the callout as
+if for the extended ovector, and we ensure that the first two slots are unset
+by preserving and restoring their current contents. Picky compilers complain if
+references such as Fovector[-2] are use directly, so we set up a separate
+pointer. */
+
+callout_ovector = (PCRE2_SIZE *)(Fovector) - 2;
+
cb.version = 1;
cb.capture_top = (uint32_t)Foffset_top/2 + 1;
cb.capture_last = Fcapture_last;
-cb.offset_vector = Fovector - 2;
+cb.offset_vector = callout_ovector;
cb.mark = mb->nomatch_mark;
cb.subject = mb->start_subject;
cb.subject_length = (PCRE2_SIZE)(mb->end_subject - mb->start_subject);
@@ -299,20 +313,12 @@
*lengthptr - (1 + 4*LINK_SIZE) - 2;
}
-/* The original matching code (pre 10.30) worked directly with the ovector
-passed by the user, and this was passed to callouts. Now that the working
-ovector is in the backtracking frame, it no longer needs to reserve space for
-the overall match offsets (which would waste space in the frame). For backward
-compatibility, however, we pass capture_top and offset_vector to the callout as
-if for the extended ovector, and we ensure that the first two slots are unset
-by preserving and restoring their current contents. */
-
-save0 = Fovector[-2];
-save1 = Fovector[-1];
-Fovector[-2] = Fovector[-1] = PCRE2_UNSET;
+save0 = callout_ovector[0];
+save1 = callout_ovector[1];
+callout_ovector[0] = callout_ovector[1] = PCRE2_UNSET;
rc = mb->callout(&cb, mb->callout_data);
-Fovector[-2] = save0;
-Fovector[-1] = save1;
+callout_ovector[0] = save0;
+callout_ovector[1] = save1;
return rc;
}