author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-03-27 17:48:28 +0000 |
---|---|---|
committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-03-27 17:48:28 +0000 |
commit | e97ec7dc839022a3efe740c532ea3e67e4446430 (patch) | |
tree | bc74f5185a07196c9dcbc2f692946438bad4b663 | |
parent | ef430ada283aba3ff71d7de496904f4d137280f8 (diff) | |
download | pcre-e97ec7dc839022a3efe740c532ea3e67e4446430.tar.gz |
Fix mutual recursion inside other groups stack overflow bug.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1537 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | pcre_compile.c | 4 | ||||
-rw-r--r-- | testdata/testinput2 | 2 | ||||
-rw-r--r-- | testdata/testoutput2 | 2 |
4 files changed, 10 insertions, 2 deletions
@@ -122,6 +122,10 @@ Version 8.37 xx-xxx-2015
 interacting badly with the code for computing the amount of space needed to compile the pattern, leading to a buffer overflow. This bug was discovered by the LLVM fuzzer.
+
+31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+ other kinds of group caused stack overflow at compile time. This bug was
+ discovered by the LLVM fuzzer.
 Version 8.36 26-September-2014
diff --git a/pcre_compile.c b/pcre_compile.c
index 34455dc..015e4a1 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -2497,8 +2497,8 @@ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
 empty_branch = FALSE;
 do
 {
- if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd, NULL))
- empty_branch = TRUE;
+ if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd,
+ recurses)) empty_branch = TRUE;
 code += GET(code, 1);
 }
 while (*code == OP_ALT);
diff --git a/testdata/testinput2 b/testdata/testinput2
index fb928e9..40593e3 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4134,4 +4134,6 @@ backtracking verbs. --/
 bbb
 aaa
+"((?2)+)((?1))"
+
 /-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 70634a2..28937c8 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14343,4 +14343,6 @@ Matched, but too many substrings
 aaa
 No match
+"((?2)+)((?1))"
+
 /-- End of testinput2 --/ |
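Review bot: In the pcre_compile.c hunk the rewrapped call leaves `empty_branch = TRUE;` trailing the continuation line `recurses)) empty_branch = TRUE;`, where it is easy to misread as part of the argument list, and nothing records why `recurses` rather than NULL is passed at this call. Going by the ChangeLog entry, this argument is what lets the mutual-recursion check still see the chain when the scan descends through an ordinary group, so I would keep the assignment on its own line and put a comment such as `/* Pass the recursion chain down so mutual recursion nested inside other groups is detected */` above the `if`. Any other nested call to could_be_empty_branch() that restarts the chain with NULL would presumably overflow the stack in the same way; none is visible here, and the function starts and ends outside this hunk, so the remaining call sites are worth checking.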