From 007b635b6788f8317747842b02f9c85137277c20 Mon Sep 17 00:00:00 2001
From: ph10
Date: Thu, 18 Jul 2019 17:20:29 +0000
Subject: [PATCH] Fix bug in recent patch for lookbehinds within lookaheads. Fixes ClusterFuzz 15933.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1138 6239d852-aaf2-0410-a92c-79f79f948069
Petr Písař: Ported to 10.33.
Signed-off-by: Petr Písař
---
 src/pcre2_compile.c | 22 +++++++++++++---------
 testdata/testinput2 | 3 +++
 testdata/testoutput2 | 4 ++++
 3 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
index 2ae95ed..b68c154 100644
--- a/src/pcre2_compile.c
+++ b/src/pcre2_compile.c
@@ -136,7 +136,8 @@ static BOOL
 compile_block *);
 static int
- check_lookbehinds(uint32_t *, uint32_t **, compile_block *);
+ check_lookbehinds(uint32_t *, uint32_t **, parsed_recurse_check *,
+ compile_block *);
 /*************************************************
@@ -9004,7 +9005,7 @@ for (;; pptr++)
 case META_LOOKAHEAD:
 case META_LOOKAHEADNOT:
- *errcodeptr = check_lookbehinds(pptr + 1, &pptr, cb);
+ *errcodeptr = check_lookbehinds(pptr + 1, &pptr, recurses, cb);
 if (*errcodeptr != 0) return -1;
 /* Ignore any qualifiers that follow a lookahead assertion. */
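Review bot: The nested call `check_lookbehinds(pptr + 1, &pptr, recurses, cb)` in the @@ -9004 hunk now shares the caller's recursion chain, but no loop counter is passed along with it. The callee's definition (the @@ -9326 hunk) still opens with `int loopcount = 0;` and hands `&loopcount` to set_lookbehind_lengths(), so every lookahead reached from this call site starts a fresh count. If that counter is what bounds the work done while computing lookbehind lengths (its checks are not visible in the diff), a pattern with many nested lookaheads could exceed the intended compile-time budget. Consider threading the caller's counter, if it has one, through as an extra argument in the same way as `recurses`, so that only the top-level call starts from zero. The enclosing function starts and ends outside this hunk.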
@@ -9326,15 +9327,17 @@ order to process any lookbehinds that they may contain. It stops when it hits a non-nested closing parenthesis in this case, returning a pointer to it.
 Arguments
- pptr points to where to start (start of pattern or start of lookahead)
- retptr if not NULL, return the ket pointer here
- cb points to the compile block
+ pptr points to where to start (start of pattern or start of lookahead)
+ retptr if not NULL, return the ket pointer here
+ recurses chain of recurse_check to catch mutual recursion
+ cb points to the compile block
-Returns: 0 on success, or an errorcode (cb->erroroffset will be set)
+Returns: 0 on success, or an errorcode (cb->erroroffset will be set)
 */
 static int
-check_lookbehinds(uint32_t *pptr, uint32_t **retptr, compile_block *cb)
+check_lookbehinds(uint32_t *pptr, uint32_t **retptr,
+ parsed_recurse_check *recurses, compile_block *cb)
 {
 int errorcode = 0;
 int loopcount = 0;
@@ -9449,7 +9452,8 @@ for (; *pptr != META_END; pptr++)
 case META_LOOKBEHIND:
 case META_LOOKBEHINDNOT:
- if (!set_lookbehind_lengths(&pptr, &errorcode, &loopcount, NULL, cb))
+ if (!set_lookbehind_lengths(&pptr, &errorcode, &loopcount,
+ recurses, cb))
 return errorcode;
 break;
 }
@@ -9899,7 +9903,7 @@ lengths. */
 if (has_lookbehind)
 {
- errorcode = check_lookbehinds(cb.parsed_pattern, NULL, &cb);
+ errorcode = check_lookbehinds(cb.parsed_pattern, NULL, NULL, &cb);
 if (errorcode != 0) goto HAD_CB_ERROR;
 }
diff --git a/testdata/testinput2 b/testdata/testinput2
index d85fc5f..1bfe591 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -5600,4 +5600,7 @@ a)"xI
 /(?<=(?=.(?<=x)))/
 ab\=ph
+# Expect error (recursion => not fixed length)
+/(\2)((?=(?<=\1)))/
+
 # End of testinput2
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 6405e26..758b4db 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
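Review bot: The new `recurses` entry in the Arguments block of the @@ -9326 hunk does not say that NULL is an accepted value, although the top-level call in the @@ -9899 hunk passes `NULL` for it and `retptr` just above is documented as "if not NULL". I would word the entry as `recurses   chain of recurse_check to catch mutual recursion, or NULL when called for the whole pattern`. That also gives a reader of `check_lookbehinds(cb.parsed_pattern, NULL, NULL, &cb)` a place to learn which NULL is which. The function body continues outside the hunk.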
@@ -16952,6 +16952,10 @@ Failed: error 187 at offset 10: lookbehind assertion is too long
 ab\=ph
 No match
+# Expect error (recursion => not fixed length)
+/(\2)((?=(?<=\1)))/
+Failed: error 125 at offset 8: lookbehind assertion is not fixed length
+
 # End of testinput2
 Error -70: PCRE2_ERROR_BADDATA (unknown error number)
 Error -62: bad serialized data
--
2.20.1