authorph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-08-10 14:38:34 +0000
committerph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-08-10 14:38:34 +0000
commitbfd7c7922a090ab24efc1214ff827e6c4ccf5419 (patch)
treed3fcacae00d7c6a08bbf5426b4159fd9928d733c
parentb35246ac4badf9c2a99b21b214998361babd7afb (diff)
Add an internal error if handling forward referencing recursion calls has gone
wrong. git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1590 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r--ChangeLog5
-rw-r--r--pcre_compile.c12
2 files changed, 16 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 024ec19..2a8b57c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -120,6 +120,11 @@ Version 8.38 xx-xxx-xxxx
31. Added a check for integer overflow in conditions (?(<digits>) and
(?(R<digits>). This omission was discovered by Karl Skomski with the LLVM
fuzzer.
+
+32. Handling recursive references such as (?2) when the reference is to a group
+ later in the pattern uses code that is very hacked about and error-prone.
+ It has been re-written for PCRE2. Here in PCRE1, a check has been added to
+ give an internal error if it is obvious that compiling has gone wrong.
Version 8.37 28-April-2015
diff --git a/pcre_compile.c b/pcre_compile.c
index 09c8759..3d3b1cc 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -464,7 +464,7 @@ static const char error_texts[] =
"range out of order in character class\0"
"nothing to repeat\0"
/* 10 */
- "operand of unlimited repeat could match the empty string\0" /** DEAD **/
+ "internal error: invalid forward reference offset\0"
"internal error: unexpected repeat\0"
"unrecognized character after (? or (?-\0"
"POSIX named classes are supported only within a class\0"
@@ -9434,6 +9434,16 @@ if (cd->hwm > cd->start_workspace)
int offset, recno;
cd->hwm -= LINK_SIZE;
offset = GET(cd->hwm, 0);
+
+ /* Check that the hwm handling hasn't gone wrong. This whole area is
+ rewritten in PCRE2 because there are some obscure cases. */
+
+ if (offset == 0 || codestart[offset-1] != OP_RECURSE)
+ {
+ errorcode = ERR10;
+ break;
+ }
+
recno = GET(codestart, offset);
if (recno != prev_recno)
{
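Review bot: The new guard reads `codestart[offset-1]` before it has established that `offset` lies inside the compiled code, so an `offset` value that is corrupted upwards (the very condition this check is meant to detect, since `offset` is taken straight from the workspace via `GET(cd->hwm, 0)`) is still dereferenced out of bounds before ERR10 is raised; only the `offset == 0` underflow case is covered. The check would be self-contained if it also compared `offset` against the distance from `codestart` to the end of the compiled code, e.g. `if (offset == 0 || offset > <compiled code length> || codestart[offset-1] != OP_RECURSE)`; the end-of-code pointer is not visible in this hunk, so the exact expression has to be taken from the enclosing function. The `break` leaves `cd->hwm` already decremented and `errorcode` set, which presumably is what the caller checks next; that is outside the hunk. It would also help to note in the comment that the ERR10 slot was previously marked dead and is being reused for this internal error, since the error table edit is in the separate hunk at line 464. The enclosing loop that this `break` exits starts above the hunk.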