authorph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-03-27 17:48:28 +0000
committerph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-03-27 17:48:28 +0000
commite97ec7dc839022a3efe740c532ea3e67e4446430 (patch)
treebc74f5185a07196c9dcbc2f692946438bad4b663
parentef430ada283aba3ff71d7de496904f4d137280f8 (diff)
Fix stack overflow bug caused by mutual recursion inside other groups.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1537 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r--ChangeLog4
-rw-r--r--pcre_compile.c4
-rw-r--r--testdata/testinput22
-rw-r--r--testdata/testoutput22
4 files changed, 10 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 7544978..346a8e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -122,6 +122,10 @@ Version 8.37 xx-xxx-2015
interacting badly with the code for computing the amount of space needed to
compile the pattern, leading to a buffer overflow. This bug was discovered
by the LLVM fuzzer.
+
+31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+ other kinds of group caused stack overflow at compile time. This bug was
+ discovered by the LLVM fuzzer.
Version 8.36 26-September-2014
diff --git a/pcre_compile.c b/pcre_compile.c
index 34455dc..015e4a1 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -2497,8 +2497,8 @@ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
empty_branch = FALSE;
do
{
- if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd, NULL))
- empty_branch = TRUE;
+ if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd,
+ recurses)) empty_branch = TRUE;
code += GET(code, 1);
}
while (*code == OP_ALT);
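Review bot: The replaced `if` inside the `do` loop now passes `recurses` to could_be_empty_branch() instead of `NULL`, but nothing in the hunk records why a fresh chain was unsafe here, so a later reader could plausibly revert it as a simplification. A comment above the loop would pin the reason: `/* Pass the existing recurses chain, not NULL: with NULL the groups already under examination are forgotten, so a mutually recursive pair nested inside another group, e.g. ((?2)+)((?1)), is re-entered without limit and overflows the stack at compile time. */`. That reading follows the commit message and the new testinput2 case; I infer rather than see that `recurses` is the list of groups currently being examined, so check the wording against the parameter's declaration. As a point of style, putting `empty_branch = TRUE;` on its own line instead of after the closing `))` would make the wrapped condition easier to scan. The enclosing function starts and ends outside the hunk.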
diff --git a/testdata/testinput2 b/testdata/testinput2
index fb928e9..40593e3 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4134,4 +4134,6 @@ backtracking verbs. --/
bbb
aaa
+"((?2)+)((?1))"
+
/-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 70634a2..28937c8 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14343,4 +14343,6 @@ Matched, but too many substrings
aaa
No match
+"((?2)+)((?1))"
+
/-- End of testinput2 --/