From e97ec7dc839022a3efe740c532ea3e67e4446430 Mon Sep 17 00:00:00 2001
From: ph10
Date: Fri, 27 Mar 2015 17:48:28 +0000
Subject: Fix mutual recursion inside other groups stack overflow bug.

git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1537 2f5784b3-3f2a-0410-8824-cb99058d5e15
---
 ChangeLog            | 4 ++++
 pcre_compile.c       | 4 ++--
 testdata/testinput2  | 2 ++
 testdata/testoutput2 | 2 ++
 4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7544978..346a8e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -122,6 +122,10 @@ Version 8.37 xx-xxx-2015
     interacting badly with the code for computing the amount of space needed to
     compile the pattern, leading to a buffer overflow. This bug was discovered
     by the LLVM fuzzer.
+
+31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+    other kinds of group caused stack overflow at compile time. This bug was
+    discovered by the LLVM fuzzer.
 
 Version 8.36 26-September-2014
 
diff --git a/pcre_compile.c b/pcre_compile.c
index 34455dc..015e4a1 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -2497,8 +2497,8 @@ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
 empty_branch = FALSE;
 do
   {
-  if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd, NULL))
-    empty_branch = TRUE;
+  if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd,
+    recurses)) empty_branch = TRUE;
   code += GET(code, 1);
   }
 while (*code == OP_ALT);
diff --git a/testdata/testinput2 b/testdata/testinput2
index fb928e9..40593e3 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4134,4 +4134,6 @@ backtracking verbs. --/
     bbb
     aaa
 
+"((?2)+)((?1))"
+
 /-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 70634a2..28937c8 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14343,4 +14343,6 @@ Matched, but too many substrings
     aaa
 No match
 
+"((?2)+)((?1))"
+
 /-- End of testinput2 --/
-- 
cgit v1.2.1
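Review bot: The reason the nested call must now receive `recurses` instead of NULL is not stated anywhere in the pcre_compile.c hunk, and the fix is easy to undo by a future "simplification" back to NULL, so the branch loop deserves a comment such as `/* Pass the recursion chain through so that mutually recursive groups reached inside this alternation are recognised as already visited; passing NULL here let patterns like ((?2)+)((?1)) recurse without bound and overflow the stack. */`. The new line break also puts the body of the if on the same physical line as the closing of its condition, which reads as if `empty_branch = TRUE;` were part of the call; splitting as `if (!empty_branch &&` / `    could_be_empty_branch(code, endcode, utf, cd, recurses))` / `  empty_branch = TRUE;` keeps the condition and its consequence visibly separate. The enclosing function starts and ends outside the hunk, so whether `recurses` here is the caller's chain or a fresh chain link built earlier in the function cannot be confirmed from the diff; presumably it is the parameter of the same name, but that is worth checking against the surrounding lines. The added testinput2 case exercises only a single nesting shape, so the regression check is for the stack overflow not recurring on this exact pattern rather than for the general property.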