From 46ed1a703b067e5b679eacf6500a54dae35f8130 Mon Sep 17 00:00:00 2001
From: ph10
Date: Thu, 3 Dec 2015 17:05:40 +0000
Subject: Fix /x bug when pattern starts with white space and (?-x)
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1617 2f5784b3-3f2a-0410-8824-cb99058d5e15
---
 ChangeLog | 6 ++++++
 pcre_compile.c | 32 ++++----------------------------
 testdata/testoutput2 | 28 ++++++++++++++--------------
 3 files changed, 24 insertions(+), 42 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a33c6b7..8b8abd3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,12 @@ Version 8.39 xx-xxxxxx-201x
 6 . An empty \Q\E sequence between an item and its qualifier caused pcre_compile() to misbehave when auto callouts were enabled. This bug was found by the LLVM fuzzer.
+
+7 . If a pattern that was compiled with PCRE_EXTENDED started with white
+ space or a #-type comment that was followed by (?-x), which turns off
+ PCRE_EXTENDED, and there was no subsequent (?x) to turn it on again,
+ pcre_compile() assumed that (?-x) applied to the whole pattern and
+ consequently mis-compiled it. This bug was found by the LLVM fuzzer.
 Version 8.38 23-November-2015
diff --git a/pcre_compile.c b/pcre_compile.c
index beed46b..57719b9 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7607,39 +7607,15 @@ for (;; ptr++)
 newoptions = (options | set) & (~unset);
 /* If the options ended with ')' this is not the start of a nested
- group with option changes, so the options change at this level. If this
- item is right at the start of the pattern, the options can be
- abstracted and made external in the pre-compile phase, and ignored in
- the compile phase. This can be helpful when matching -- for instance in
- caseless checking of required bytes.
-
- If the code pointer is not (cd->start_code + 1 + LINK_SIZE), we are
- definitely *not* at the start of the pattern because something has been
- compiled. In the pre-compile phase, however, the code pointer can have
- that value after the start, because it gets reset as code is discarded
- during the pre-compile. However, this can happen only at top level - if
- we are within parentheses, the starting BRA will still be present. At
- any parenthesis level, the length value can be used to test if anything
- has been compiled at that level. Thus, a test for both these conditions
- is necessary to ensure we correctly detect the start of the pattern in
- both phases.
-
+ group with option changes, so the options change at this level.
 If we are not at the pattern start, reset the greedy defaults and the case value for firstchar and reqchar. */
 if (*ptr == CHAR_RIGHT_PARENTHESIS)
 {
- if (code == cd->start_code + 1 + LINK_SIZE &&
- (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
- {
- cd->external_options = newoptions;
- }
- else
- {
- greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
- greedy_non_default = greedy_default ^ 1;
- req_caseopt = ((newoptions & PCRE_CASELESS) != 0)? REQ_CASELESS:0;
- }
+ greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
+ greedy_non_default = greedy_default ^ 1;
+ req_caseopt = ((newoptions & PCRE_CASELESS) != 0)? REQ_CASELESS:0;
 /* Change options at this level, and pass them back for use in subsequent branches. */
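Review bot: The comment kept above `if (*ptr == CHAR_RIGHT_PARENTHESIS)` still reads "If we are not at the pattern start, reset the greedy defaults ...", but with the start-of-pattern branch removed the three assignments now run for every option item that ends with `)`, including one at the very start of the pattern. Reword the retained sentence to `Reset the greedy defaults and the case value for firstchar and reqchar. */` so a later reader does not go looking for a position test that no longer exists. The diffstat lists only testdata/testoutput2 among the test files, so the fuzzer-found case from the ChangeLog entry (PCRE_EXTENDED, leading white space or a #-comment, then `(?-x)`) appears to have no input pinning it; adding that pattern to the corresponding test input would keep the mis-compile from coming back unnoticed. The hunk also drops the visible write `cd->external_options = newoptions`, and the testoutput2 changes show leading `(?i)`, `(?U)`, `(?s)` and similar no longer reported as compiled options, which deserves a line in the ChangeLog entry for callers that inspect those options. The enclosing loop body starts and ends outside this hunk, so any remaining readers of `cd->external_options` could not be checked from here.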
diff --git a/testdata/testoutput2 b/testdata/testoutput2 index ac33cc4..6c42897 100644 --- a/testdata/testoutput2 +++ b/testdata/testoutput2 @@ -419,7 +419,7 @@ Need char = '>' /(?U)<.*>/I Capturing subpattern count = 0 -Options: ungreedy +No options First char = '<' Need char = '>' abcghinop @@ -443,7 +443,7 @@ Need char = '=' /(?U)={3,}?/I Capturing subpattern count = 0 -Options: ungreedy +No options First char = '=' Need char = '=' abc========def @@ -477,7 +477,7 @@ Failed: lookbehind assertion is not fixed length at offset 12 /(?i)abc/I Capturing subpattern count = 0 -Options: caseless +No options First char = 'a' (caseless) Need char = 'c' (caseless) @@ -489,7 +489,7 @@ No need char /(?i)^1234/I Capturing subpattern count = 0 -Options: anchored caseless +Options: anchored No first char No need char @@ -502,7 +502,7 @@ No need char /(?s).*/I Capturing subpattern count = 0 May match empty string -Options: anchored dotall +Options: anchored No first char No need char @@ -516,7 +516,7 @@ Starting chars: a b c d /(?i)[abcd]/IS Capturing subpattern count = 0 -Options: caseless +No options No first char No need char Subject length lower bound = 1 @@ -524,7 +524,7 @@ Starting chars: A B C D a b c d /(?m)[xy]|(b|c)/IS Capturing subpattern count = 1 -Options: multiline +No options No first char No need char Subject length lower bound = 1 @@ -538,7 +538,7 @@ No need char /(?i)(^a|^b)/Im Capturing subpattern count = 1 -Options: caseless multiline +Options: multiline First char at start or follows newline No need char @@ -1179,7 +1179,7 @@ No need char End ------------------------------------------------------------------ Capturing subpattern count = 1 -Options: anchored dotall +Options: anchored No first char No need char @@ -2735,7 +2735,7 @@ No match End ------------------------------------------------------------------ Capturing subpattern count = 0 -Options: caseless extended +Options: extended First char = 'a' (caseless) Need char = 'c' (caseless) 
@@ -2748,7 +2748,7 @@ Need char = 'c' (caseless) End ------------------------------------------------------------------ Capturing subpattern count = 0 -Options: caseless extended +Options: extended First char = 'a' (caseless) Need char = 'c' (caseless) @@ -3095,7 +3095,7 @@ Need char = 'b' End ------------------------------------------------------------------ Capturing subpattern count = 0 -Options: ungreedy +No options First char = 'x' Need char = 'b' xaaaab @@ -3497,7 +3497,7 @@ Need char = 'c' /(?i)[ab]/IS Capturing subpattern count = 0 -Options: caseless +No options No first char No need char Subject length lower bound = 1 @@ -6299,7 +6299,7 @@ Capturing subpattern count = 3 Named capturing subpatterns: A 2 A 3 -Options: anchored dupnames +Options: anchored Duplicate name status changes No first char No need char -- cgit v1.2.1