[Pcre-svn] [1088] code/trunk: Implement a check on the numbe…

Author: Subversion repository
Date:  
To: pcre-svn
Subject: [Pcre-svn] [1088] code/trunk: Implement a check on the number of capturing parentheses, which for some reason
Revision: 1088
          http://www.exim.org/viewvc/pcre2?view=rev&revision=1088
Author:   ph10
Date:     2019-04-22 13:39:38 +0100 (Mon, 22 Apr 2019)
Log Message:
-----------
Implement a check on the number of capturing parentheses, which for some reason 
has never existed. This fixes ClusterFuzz issue 14376. 


Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/configure.ac
    code/trunk/src/pcre2.h.in
    code/trunk/src/pcre2_compile.c
    code/trunk/src/pcre2_error.c
    code/trunk/testdata/testinput11
    code/trunk/testdata/testinput2
    code/trunk/testdata/testinput9
    code/trunk/testdata/testoutput11-16
    code/trunk/testdata/testoutput11-32
    code/trunk/testdata/testoutput2
    code/trunk/testdata/testoutput9


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/ChangeLog    2019-04-22 12:39:38 UTC (rev 1088)
@@ -2,6 +2,14 @@
 --------------------



+Version 10.34 22-April-2019
+---------------------------
+
+1. The maximum number of capturing subpatterns is 65535 (documented), but no
+check on this was ever implemented. This omission has been rectified; it fixes
+ClusterFuzz 14376.
+
+
Version 10.33 16-April-2019
---------------------------


Modified: code/trunk/configure.ac
===================================================================
--- code/trunk/configure.ac    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/configure.ac    2019-04-22 12:39:38 UTC (rev 1088)
@@ -9,9 +9,9 @@
 dnl be defined as -RC2, for example. For real releases, it should be empty.


m4_define(pcre2_major, [10])
-m4_define(pcre2_minor, [33])
-m4_define(pcre2_prerelease, [])
-m4_define(pcre2_date, [2019-04-16])
+m4_define(pcre2_minor, [34])
+m4_define(pcre2_prerelease, [-RC1])
+m4_define(pcre2_date, [2019-04-22])

# NOTE: The CMakeLists.txt file searches for the above variables in the first
# 50 lines of this file. Please update that if the variables above are moved.

Modified: code/trunk/src/pcre2.h.in
===================================================================
--- code/trunk/src/pcre2.h.in    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/src/pcre2.h.in    2019-04-22 12:39:38 UTC (rev 1088)
@@ -305,6 +305,7 @@
 #define PCRE2_ERROR_INVALID_HYPHEN_IN_OPTIONS      194
 #define PCRE2_ERROR_ALPHA_ASSERTION_UNKNOWN        195
 #define PCRE2_ERROR_SCRIPT_RUN_NOT_AVAILABLE       196
+#define PCRE2_ERROR_TOO_MANY_CAPTURES              197



/* "Expected" matching error codes: no match and partial match. */

Modified: code/trunk/src/pcre2_compile.c
===================================================================
--- code/trunk/src/pcre2_compile.c    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/src/pcre2_compile.c    2019-04-22 12:39:38 UTC (rev 1088)
@@ -781,7 +781,7 @@
        ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, ERR70,
        ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, ERR80,
        ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERR88, ERR89, ERR90,
-       ERR91, ERR92, ERR93, ERR94, ERR95, ERR96 };
+       ERR91, ERR92, ERR93, ERR94, ERR95, ERR96, ERR97 };


 /* This is a table of start-of-pattern options such as (*UTF) and settings such
 as (*LIMIT_MATCH=nnnn) and (*CRLF). For completeness and backward
@@ -3611,6 +3611,11 @@
         nest_depth++;
         if ((options & PCRE2_NO_AUTO_CAPTURE) == 0)
           {
+          if (cb->bracount >= MAX_GROUP_NUMBER)
+            {
+            errorcode = ERR97;
+            goto FAILED;
+            }    
           cb->bracount++;
           *parsed_pattern++ = META_CAPTURE | cb->bracount;
           }
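Review bot: The new limit check before `cb->bracount++` is duplicated verbatim here and in the named-group hunk at -4435, and neither copy has a comment saying why the bound matters. The number is OR-ed into the `META_CAPTURE` word on the next line, so it presumably has to stay within that word's data bits, and a later path that increments `bracount` without the guard would quietly bring the ClusterFuzz problem back. I would add `/* The group number shares a word with META_CAPTURE, so it must not exceed MAX_GROUP_NUMBER. */` above each check, or fold check and increment into one small static helper so the two sites cannot drift apart. Both added closing braces also carry trailing spaces (`}    `). The enclosing function starts and ends outside both hunks, so whether these are the only places `bracount` is incremented cannot be confirmed from here.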
@@ -4435,6 +4440,11 @@
       /* We have a name for this capturing group. It is also assigned a number,
       which is its primary means of identification. */


+      if (cb->bracount >= MAX_GROUP_NUMBER)
+        {
+        errorcode = ERR97;
+        goto FAILED;
+        }    
       cb->bracount++;
       *parsed_pattern++ = META_CAPTURE | cb->bracount;
       nest_depth++;


Modified: code/trunk/src/pcre2_error.c
===================================================================
--- code/trunk/src/pcre2_error.c    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/src/pcre2_error.c    2019-04-22 12:39:38 UTC (rev 1088)
@@ -184,6 +184,7 @@
   /* 95 */
   "(*alpha_assertion) not recognized\0"
   "script runs require Unicode support, which this version of PCRE2 does not have\0"
+  "too many capturing groups (maximum 65535)\0"
   ;


/* Match-time and UTF error texts are in the same format. */
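Review bot: The added message hard-codes `65535`, while the check in pcre2_compile.c compares against `MAX_GROUP_NUMBER`, so the text and the enforced limit can drift if the constant is ever changed. A short comment beside the string, such as `/* 65535 must match MAX_GROUP_NUMBER */`, would make the coupling visible to whoever edits either side. Counting from the `/* 95 */` index comment, the new string lands at entry 97, which agrees with `ERR97` and with the error 197 expected in testoutput2. The start of the table is outside the hunk, so that position is inferred from the marker alone.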

Modified: code/trunk/testdata/testinput11
===================================================================
--- code/trunk/testdata/testinput11    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/testdata/testinput11    2019-04-22 12:39:38 UTC (rev 1088)
@@ -368,4 +368,6 @@
     ab\xFFAz
     ab\x{80000041}z 


+/\[()]{65535}/expand
+
# End of testinput11

Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/testdata/testinput2    2019-04-22 12:39:38 UTC (rev 1088)
@@ -5587,4 +5587,8 @@
 \= Expect error message
     abc\=null_context


+/\[()]{65535}()/expand
+
+/\[()]{65535}(?<A>)/expand
+
# End of testinput2

Modified: code/trunk/testdata/testinput9
===================================================================
--- code/trunk/testdata/testinput9    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/testdata/testinput9    2019-04-22 12:39:38 UTC (rev 1088)
@@ -260,4 +260,6 @@


/(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':ƿ)/

+/\[()]{65535}/expand
+
# End of testinput9

Modified: code/trunk/testdata/testoutput11-16
===================================================================
--- code/trunk/testdata/testoutput11-16    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/testdata/testoutput11-16    2019-04-22 12:39:38 UTC (rev 1088)
@@ -661,4 +661,7 @@
     ab\xFFAz
     ab\x{80000041}z 


+/\[()]{65535}/expand
+Failed: error 120 at offset 131070: regular expression is too large
+
# End of testinput11

Modified: code/trunk/testdata/testoutput11-32
===================================================================
--- code/trunk/testdata/testoutput11-32    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/testdata/testoutput11-32    2019-04-22 12:39:38 UTC (rev 1088)
@@ -667,4 +667,6 @@
     ab\x{80000041}z 
  0: ab\x{80000041}z


+/\[()]{65535}/expand
+
# End of testinput11

Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/testdata/testoutput2    2019-04-22 12:39:38 UTC (rev 1088)
@@ -16934,6 +16934,12 @@
     abc\=null_context
 ** Replacement callouts are not supported with null_context.


+/\[()]{65535}()/expand
+Failed: error 197 at offset 131071: too many capturing groups (maximum 65535)
+
+/\[()]{65535}(?<A>)/expand
+Failed: error 197 at offset 131075: too many capturing groups (maximum 65535)
+
# End of testinput2
Error -70: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data

Modified: code/trunk/testdata/testoutput9
===================================================================
--- code/trunk/testdata/testoutput9    2019-04-16 15:34:57 UTC (rev 1087)
+++ code/trunk/testdata/testoutput9    2019-04-22 12:39:38 UTC (rev 1088)
@@ -367,4 +367,7 @@
 /(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':ƿ)/
 Failed: error 176 at offset 259: name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)


+/\[()]{65535}/expand
+Failed: error 120 at offset 131070: regular expression is too large
+
# End of testinput9