author | zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-08-24 09:49:06 +0000 |
committer | zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-08-24 09:49:06 +0000 |
commit | 3d03682cb04729fe44211dc04d01d5075d7437c1 (patch) | |
tree | abd0aa6ec829696d5e811fb7a77c36feca2d5af6 | |
parent | f25903ade90a9177cf1175eb48fb36e500b3cca4 (diff) | |
Fix two assertion fails in JIT found by Karl Skomski.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1595 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | pcre_jit_compile.c | 12 | ||||
-rw-r--r-- | testdata/testinput12 | 2 | ||||
-rw-r--r-- | testdata/testinput6 | 3 | ||||
-rw-r--r-- | testdata/testoutput12 | 2 | ||||
-rw-r--r-- | testdata/testoutput6 | 4 |
6 files changed, 22 insertions, 4 deletions
@@ -140,6 +140,9 @@ Version 8.38 xx-xxx-xxxx
 PCRE2 by refactoring the way references are handled. Wen Guanxing from Venustech ADLAB discovered this bug.
 
+37. Fix two assertion fails in JIT. These issues were found by Karl Skomski
+ with a custom LLVM fuzzer.
+
 Version 8.37 28-April-2015
 --------------------------
diff --git a/pcre_jit_compile.c b/pcre_jit_compile.c
index 868d1d9..9301394 100644
--- a/pcre_jit_compile.c
+++ b/pcre_jit_compile.c
@@ -4931,9 +4931,10 @@ else if ((cc[-1] & XCL_MAP) != 0)
 if (!check_class_ranges(common, (const pcre_uint8 *)cc, FALSE, TRUE, list))
 {
 #ifdef COMPILE_PCRE8
- SLJIT_ASSERT(common->utf);
+ jump = NULL;
+ if (common->utf)
 #endif
- jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255);
+ jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255);
 
 OP2(SLJIT_AND, TMP2, 0, TMP1, 0, SLJIT_IMM, 0x7);
 OP2(SLJIT_LSHR, TMP1, 0, TMP1, 0, SLJIT_IMM, 3);
@@ -4942,7 +4943,10 @@ else if ((cc[-1] & XCL_MAP) != 0)
 OP2(SLJIT_AND | SLJIT_SET_E, SLJIT_UNUSED, 0, TMP1, 0, TMP2, 0);
 add_jump(compiler, list, JUMP(SLJIT_NOT_ZERO));
 
- JUMPHERE(jump);
+#ifdef COMPILE_PCRE8
+ if (common->utf)
+#endif
+ JUMPHERE(jump);
 }
 
 OP1(SLJIT_MOV, TMP1, 0, TMP3, 0);
@@ -9660,7 +9664,7 @@ static SLJIT_INLINE void compile_recurse(compiler_common *common)
 DEFINE_COMPILER;
 pcre_uchar *cc = common->start + common->currententry->start;
 pcre_uchar *ccbegin = cc + 1 + LINK_SIZE + (*cc == OP_BRA ? 0 : IMM2_SIZE);
-pcre_uchar *ccend = bracketend(cc);
+pcre_uchar *ccend = bracketend(cc) - (1 + LINK_SIZE);
 BOOL needs_control_head;
 int framesize = get_framesize(common, cc, NULL, TRUE, &needs_control_head);
 int private_data_size = get_private_data_copy_length(common, ccbegin, ccend, needs_control_head);
diff --git a/testdata/testinput12 b/testdata/testinput12
index c455cbb..e109de7 100644
--- a/testdata/testinput12
+++ b/testdata/testinput12
@@ -99,4 +99,6 @@ and a couple of things that are different with JIT. --/
 
 /(?:|a|){100}x/S++
 
+/(x(?1)){4}/S++
+
 /-- End of testinput12 --/
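Review bot: Dropping `SLJIT_ASSERT(common->utf)` removes the only statement of why the 8-bit non-UTF build never emitted the >255 range check, and the new `if (common->utf)` guard leaves that reasoning implicit at the CMP site. A one-line comment above the `#ifdef COMPILE_PCRE8` would keep it, e.g. `/* 8-bit non-UTF characters presumably always fit the 256-bit XCL_MAP, so the >255 range check is only emitted for UTF. */` (the "presumably" is mine; the hunk does not show where TMP1 is loaded, so confirm it holds a single code unit there). The `jump = NULL` reset only makes sense together with the guarded `JUMPHERE(jump)` in the next hunk, so the comment should also say that a NULL jump means "no range check emitted". The enclosing function starts before this hunk and `jump` is declared outside it.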
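Review bot: The `#ifdef COMPILE_PCRE8` / `if (common->utf)` pair guarding `JUMPHERE(jump)` duplicates the one at the CMP site in the previous hunk, and the two must stay in step or JUMPHERE is reached for a jump that was never emitted. Since the previous hunk already sets `jump = NULL` exactly when the CMP is skipped, this site can key off the value instead of repeating the condition: `if (jump != NULL) JUMPHERE(jump);` with no preprocessor conditional. For the 16/32-bit builds jump is whatever CMP returned, as before, so behaviour is unchanged there. Whether JUMPHERE already tolerates a NULL jump is not visible in the hunk (the pre-existing unconditional `JUMPHERE(jump)` suggests sljit handles a NULL from a failed emit, but verify); if it does, the second guard can be dropped entirely.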
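Review bot: The new `- (1 + LINK_SIZE)` in `ccend = bracketend(cc) - (1 + LINK_SIZE)` stops ccend at the start of the closing bracket opcode rather than just past it, so the private-data length no longer covers the KET, but nothing in the hunk says what the constant is; a comment such as `/* ccend excludes the closing OP_KET* opcode and its link (1 + LINK_SIZE) */` would make the intent checkable. compile_recurse continues past this hunk, so if ccend is also handed to the matching-path compiler or to another length computation further down, confirm those callers expect the end exclusive of the KET as well; otherwise only the get_private_data_copy_length call should receive the shortened end, with ccend left as before. The same exclusive-of-KET convention, if it is the one get_private_data_copy_length expects, would be worth stating in that function's own comment rather than only at this call site.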
diff --git a/testdata/testinput6 b/testdata/testinput6
index 02cef0d..5666fbc 100644
--- a/testdata/testinput6
+++ b/testdata/testinput6
@@ -1502,4 +1502,7 @@
 /\C\X*QT/8
 Ӆ\x0aT
 
+/[\pS#moq]/
+ =
+
 /-- End of testinput6 --/
diff --git a/testdata/testoutput12 b/testdata/testoutput12
index 202ff78..4fe0417 100644
--- a/testdata/testoutput12
+++ b/testdata/testoutput12
@@ -195,4 +195,6 @@ No match, mark = m (JIT)
 
 /(?:|a|){100}x/S++
 
+/(x(?1)){4}/S++
+
 /-- End of testinput12 --/
diff --git a/testdata/testoutput6 b/testdata/testoutput6
index 3f035b8..72e4f46 100644
--- a/testdata/testoutput6
+++ b/testdata/testoutput6
@@ -2469,4 +2469,8 @@ No match
 Ӆ\x0aT
 No match
 
+/[\pS#moq]/
+ =
+ 0: =
+
 /-- End of testinput6 --/ |