From f2f972a69aac98b34316d2e944d55f9ef2ca6712 Mon Sep 17 00:00:00 2001
From: ph10
Date: Sun, 29 Mar 2015 15:44:40 +0000
Subject: Fix non-diagnosis of missing assertion after (?(?< not followed by ! or =.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1539 2f5784b3-3f2a-0410-8824-cb99058d5e15
---
 ChangeLog | 5 +++++
 pcre_compile.c | 28 +++++++++++++++-------------
 testdata/testinput2 | 2 ++
 testdata/testoutput2 | 5 ++++-
 4 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index aa60599..aa51d88 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -131,6 +131,11 @@ Version 8.37 xx-xxx-2015
 between a subroutine call and its quantifier was incorrectly compiled, leading to buffer overflow or other errors. This bug was discovered by the LLVM fuzzer.
+
+33. The illegal pattern /(?(?.*!.*)?)/ was not being diagnosed as missing an
+ assertion after (?(. The code was failing to check the character after
+ (?(?< for the ! or = that would indicate a lookbehind assertion. This bug
+ was discovered by the LLVM fuzzer.
 Version 8.36 26-September-2014
diff --git a/pcre_compile.c b/pcre_compile.c
index 810df84..94e78db 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -2497,7 +2497,7 @@ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
 empty_branch = FALSE;
 do
 {
- if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd,
+ if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd,
 recurses)) empty_branch = TRUE;
 code += GET(code, 1);
 }
@@ -6476,18 +6476,18 @@ for (;; ptr++)
 /* First deal with comments. Putting this code right at the start ensures that comments have no bad side effects. */
-
- if (ptr[0] == CHAR_QUESTION_MARK && ptr[1] == CHAR_NUMBER_SIGN)
- {
- ptr += 2;
+
+ if (ptr[0] == CHAR_QUESTION_MARK && ptr[1] == CHAR_NUMBER_SIGN)
+ {
+ ptr += 2;
 while (*ptr != CHAR_NULL && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
- if (*ptr == CHAR_NULL)
- {
- *errorcodeptr = ERR18;
- goto FAILED;
- }
- continue;
- }
+ if (*ptr == CHAR_NULL)
+ {
+ *errorcodeptr = ERR18;
+ goto FAILED;
+ }
+ continue;
+ }
 /* Now deal with various "verbs" that can be introduced by '*'. */
@@ -6679,7 +6679,9 @@ for (;; ptr++)
 if (tempptr[1] == CHAR_QUESTION_MARK &&
 (tempptr[2] == CHAR_EQUALS_SIGN ||
 tempptr[2] == CHAR_EXCLAMATION_MARK ||
- tempptr[2] == CHAR_LESS_THAN_SIGN))
+ (tempptr[2] == CHAR_LESS_THAN_SIGN &&
+ (tempptr[3] == CHAR_EQUALS_SIGN ||
+ tempptr[3] == CHAR_EXCLAMATION_MARK))))
 {
 cd->iscondassert = TRUE;
 break;
diff --git a/testdata/testinput2 b/testdata/testinput2
index 40593e3..0e29c7a 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4136,4 +4136,6 @@ backtracking verbs. --/
 "((?2)+)((?1))"
+"(?(?.*!.*)?)"
+
 /-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 28937c8..f3b2dc4 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -561,7 +561,7 @@ Failed: assertion expected after (?( at offset 3
 Failed: reference to non-existent subpattern at offset 7
 /(?(?.*!.*)?)"
+Failed: assertion expected after (?( at offset 3
+
 /-- End of testinput2 --/
--
cgit v1.2.1
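Review bot: The widened test in the third pcre_compile.c hunk (`tempptr[2] == CHAR_LESS_THAN_SIGN && (tempptr[3] == CHAR_EQUALS_SIGN || tempptr[3] == CHAR_EXCLAMATION_MARK)`) has no comment saying why `<` alone no longer qualifies or why the new index-3 read stays inside the pattern. The read is reached only after `tempptr[2]` has matched `<`, so it can at worst land on the terminator. That depends on the `&&` ordering and on the pattern being zero-terminated, which the `*ptr != CHAR_NULL` loop in the previous hunk suggests but this hunk does not show. I would add above the `if`: `/* (?< is an assertion only as (?<= or (?<!. tempptr[3] is read only after tempptr[2] matched '<', so it is at worst the terminating zero. */`. The enclosing block starts and ends outside the hunk, so how `tempptr` is set is not visible here.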