From 1a1781e0c954f8bc8543383b4e1923cfbe3bc47f Mon Sep 17 00:00:00 2001
From: ph10
Date: Fri, 27 Mar 2015 17:45:02 +0000
Subject: [PATCH] Fix mutual recursion inside other parentheses stack overflow bug.

---
 ChangeLog | 4 ++++
 src/pcre2_compile.c | 4 ++--
 testdata/testinput2 | 5 +++++
 testdata/testoutput2 | 6 ++++++
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 53422ed..6e04931 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,10 @@ interacting badly with the code for computing the amount of space needed to compile the pattern, leading to a buffer overflow. This bug was discovered by the LLVM fuzzer.
+10. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
+other kinds of group caused stack overflow at compile time. This bug was
+discovered by the LLVM fuzzer.
+
 Version 10.10 06-March-2015
 ---------------------------
diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
index 1b8c939..6937b23 100644
--- a/src/pcre2_compile.c
+++ b/src/pcre2_compile.c
@@ -1331,8 +1331,8 @@ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
 empty_branch = FALSE;
 do
 {
- if (!empty_branch && could_be_empty_branch(code, endcode, utf, cb, NULL))
- empty_branch = TRUE;
+ if (!empty_branch && could_be_empty_branch(code, endcode, utf, cb,
+ recurses)) empty_branch = TRUE;
 code += GET(code, 1);
 }
 while (*code == OP_ALT);
diff --git a/testdata/testinput2 b/testdata/testinput2
index 7c52e2b..2acfcca 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4236,4 +4236,9 @@ a random value. /Ix ** Failers aaa
+# JIT gives a different error message for the infinite recursion
+
+"(*NO_JIT)((?2)+)((?1)){"
+ abcd{
+
 # End of testinput2
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 5761e9f..65e7605 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
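Review bot: The fix depends on the nested-group scan threading the caller's `recurses` chain into the recursive could_be_empty_branch call, and nothing at the call site says why; the old `NULL` presumably read as a harmless fresh chain, which is how the compile-time stack overflow in the commit message arose, so the next refactor could reintroduce it. A why-comment on the `if` would pin it down, e.g. `/* Pass on the recursion chain: a group reached through a recursion can itself recurse back into a group already on the chain, and starting a fresh chain (NULL) here lets that loop run until the stack overflows. */`. The same check applies to any other call that still passes NULL for this parameter; this hunk shows only this one, and the enclosing function starts and ends outside it. As a point of style, folding `empty_branch = TRUE;` onto the continuation line of the condition hides the statement; `if (!empty_branch &&` / `    could_be_empty_branch(code, endcode, utf, cb, recurses))` / `  empty_branch = TRUE;` keeps the body on its own line.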
@@ -14198,4 +14198,10 @@ No match aaa No match
+# JIT gives a different error message for the infinite recursion
+
+"(*NO_JIT)((?2)+)((?1)){"
+ abcd{
+Failed: error -52: nested recursion at the same subject position
+
 # End of testinput2