author | ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069> | 2017-02-08 17:03:30 +0000 |
---|---|---|
committer | ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069> | 2017-02-08 17:03:30 +0000 |
commit | 5c535d8b83e776056f4fc43e1eee81262df249de (patch) | |
tree | 36c335dd785adbd302c680d9a7fbcc3ce13db292 | |
parent | 0838b4d3d9bc59c4b6323222c42e367d50c9f4cc (diff) | |
download | pcre2-5c535d8b83e776056f4fc43e1eee81262df249de.tar.gz |
Reduce recursion limit for auto-possessify to reduce stack usage at compile
time. Fixes oss-fuzz issue 553.
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@659 6239d852-aaf2-0410-a92c-79f79f948069
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | src/pcre2_auto_possess.c | 6 | ||||
-rw-r--r-- | testdata/testinput1 | 5 | ||||
-rw-r--r-- | testdata/testoutput1 | 6 |
4 files changed, 20 insertions, 1 deletions
@@ -338,6 +338,10 @@ modules.
 * LC_ALL was displayed as "LCC_ALL";
 * numbers 11, 12 & 13 should end in "th";
 * use double quotes in usage message.
+
+53. When autopossessifying, skip empty branches without recursion, to reduce
+stack usage for the benefit of clang with -fsanitize-address, which uses huge
+stack frames. Example pattern: /X?(R||){3335}/. Fixes oss-fuzz issue 553.
 Version 10.22 29-July-2016
diff --git a/src/pcre2_auto_possess.c b/src/pcre2_auto_possess.c
index ecc34fb..64ec6df 100644
--- a/src/pcre2_auto_possess.c
+++ b/src/pcre2_auto_possess.c
@@ -589,6 +589,7 @@ for(;;)
 case OP_ASSERTBACK_NOT:
 case OP_ONCE:
 case OP_ONCE_NC:
+
 /* Atomic sub-patterns and assertions can always auto-possessify their last iterator. However, if the group was entered as a result of checking a previous iterator, this is not possible. */
@@ -606,6 +607,9 @@ for(;;)
 next_code = code + GET(code, 1);
 code += PRIV(OP_lengths)[c];
+ /* Check each branch. We have to recurse a level for all but the last
+ branch. */
+
 while (*next_code == OP_ALT)
 {
 if (!compare_opcodes(code, utf, cb, base_list, base_end, rec_limit))
@@ -1067,7 +1071,7 @@ PCRE2_UCHAR c;
 PCRE2_SPTR end;
 PCRE2_UCHAR *repeat_opcode;
 uint32_t list[8];
-int rec_limit = 10000;
+int rec_limit = 1000; /* Was 10,000 but clang+ASAN uses a lot of stack. */
 for (;;)
 {
diff --git a/testdata/testinput1 b/testdata/testinput1
index 08a9bcc..2de7728 100644
--- a/testdata/testinput1
+++ b/testdata/testinput1
@@ -5826,4 +5826,9 @@ ef) x/x,mark
 /[s[:digit:]\Q\E-H]+/
 s09-H
+/a+(?:|b)a/
+ aaaa
+
+/X?(R||){3335}/
+
 # End of testinput1
diff --git a/testdata/testoutput1 b/testdata/testoutput1
index d07b657..e55a63b 100644
--- a/testdata/testoutput1
+++ b/testdata/testoutput1
@@ -9305,4 +9305,10 @@ No match
 s09-H
 0: s09-H
+/a+(?:|b)a/
+ aaaa
+ 0: aaaa
+
+/X?(R||){3335}/
+
 # End of testinput1 |
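Review bot: In the `@@ -1067,7 +1071,7 @@` hunk of src/pcre2_auto_possess.c, `int rec_limit = 1000;` remains an unnamed literal whose only stated rationale is one toolchain's frame size, so nothing relates it to the stack actually available where untrusted patterns are compiled (small thread stacks, other sanitizers). I would name the bound and state what exhaustion does, for example `#define AUTO_POSSESS_REC_LIMIT 1000` (the name is only a suggestion) with a comment that it caps compare_opcodes() recursion depth and that, presumably, an iterator is simply left non-possessive when the budget runs out; the exhaustion path is not visible in these hunks and should be confirmed. ChangeLog item 53 says empty branches are skipped without recursion, yet the three hunks in this file add only a blank line, a comment and the lower limit, so the entry should describe the limit reduction instead. The function containing this declaration starts and ends outside the hunk.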