Fix mutual recursion inside other parentheses stack overflow bug.

2015-03-27 17:45:02 +00:00 · 2015-03-27 17:45:02 +00:00 · 1a1781e0c9
commit 1a1781e0c9
parent 625fd31e3e
4 changed files with 17 additions and 2 deletions
--- a/4
+++ b/4
@ -37,6 +37,10 @@ interacting badly with the code for computing the amount of space needed to
 compile the pattern, leading to a buffer overflow. This bug was discovered by
 the LLVM fuzzer.

+10. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+other kinds of group caused stack overflow at compile time. This bug was
+discovered by the LLVM fuzzer.
+

 Version 10.10 06-March-2015
 ---------------------------
--- a/src/pcre2_compile.c
+++ b/src/pcre2_compile.c
@ -1331,8 +1331,8 @@ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
      empty_branch = FALSE;
      do
        {
-        if (!empty_branch && could_be_empty_branch(code, endcode, utf, cb, NULL))
-          empty_branch = TRUE;
+        if (!empty_branch && could_be_empty_branch(code, endcode, utf, cb, 
+          recurses)) empty_branch = TRUE;
        code += GET(code, 1);
        }
      while (*code == OP_ALT);
--- a/testdata/testinput2
+++ b/testdata/testinput2
@ -4236,4 +4236,9 @@ a random value. /Ix
    ** Failers 
    aaa 

+# JIT gives a different error message for the infinite recursion
+
+"(*NO_JIT)((?2)+)((?1)){"
+    abcd{
+
 # End of testinput2 
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@ -14198,4 +14198,10 @@ No match
    aaa 
 No match

+# JIT gives a different error message for the infinite recursion
+
+"(*NO_JIT)((?2)+)((?1)){"
+    abcd{
+Failed: error -52: nested recursion at the same subject position
+
 # End of testinput2