[pcre] Fix infinite matching PRUNE (bug #735720)
Petr Pisar
ppisar at fedoraproject.org
Tue Sep 6 16:07:35 UTC 2011
commit 584e50ee6ccbab8621057bc6443a36af738d55d2
Author: Petr Písař <ppisar at redhat.com>
Date: Tue Sep 6 18:07:12 2011 +0200
Fix infinite matching PRUNE (bug #735720)
pcre-8.13-infinite_prune.patch | 115 ++++++++++++++++++++++++++++++++++++++++
pcre.spec | 10 +++-
2 files changed, 124 insertions(+), 1 deletions(-)
---
diff --git a/pcre-8.13-infinite_prune.patch b/pcre-8.13-infinite_prune.patch
new file mode 100644
index 0000000..27ef5f9
--- /dev/null
+++ b/pcre-8.13-infinite_prune.patch
@@ -0,0 +1,115 @@
+r680 | ph10 | 2011-09-06 11:15:54 +0200 (Út, 06 zář 2011) | 2 lines
+
+Fix small return value bug.
+
+Index: pcre_dfa_exec.c
+===================================================================
+--- pcre_dfa_exec.c (revision 679)
++++ pcre_dfa_exec.c (revision 680)
+@@ -768,7 +768,7 @@
+ current_subject > start_subject + md->start_offset)))
+ {
+ if (match_count < 0) match_count = (offsetcount >= 2)? 1 : 0;
+- else if (match_count > 0 && ++match_count * 2 >= offsetcount)
++ else if (match_count > 0 && ++match_count * 2 > offsetcount)
+ match_count = 0;
+ count = ((match_count == 0)? offsetcount : match_count * 2) - 2;
+ if (count > 0) memmove(offsets + 2, offsets, count * sizeof(int));
+
+
+r681 | ph10 | 2011-09-06 11:16:32 +0200 (Út, 06 zář 2011) | 2 lines
+
+Fix loop/bad error when recursed group contains (*PRUNE) etc.
+
+When the number of matches in a pcre_dfa_exec() run exactly filled the
+ovector, the return from the function was zero, implying that there were
+other matches that did not fit. The correct "exactly full" value is now
+returned.
+
+If a subpattern that was called recursively or as a subroutine contained
+(*PRUNE) or any other control that caused it to give a non-standard return,
+invalid errors such as "Error -26 (nested recursion at the same subject
+position)" or even infinite loops could occur.
+
+
+Index: pcre_exec.c
+===================================================================
+--- pcre_exec.c (revision 680)
++++ pcre_exec.c (revision 681)
+@@ -1556,10 +1556,10 @@
+ md, eptrb, RM6);
+ memcpy(md->offset_vector, new_recursive.offset_save,
+ new_recursive.saved_max * sizeof(int));
++ md->recursive = new_recursive.prevrec;
+ if (rrc == MATCH_MATCH || rrc == MATCH_ACCEPT)
+ {
+ DPRINTF(("Recursion matched\n"));
+- md->recursive = new_recursive.prevrec;
+ if (new_recursive.offset_save != stacksave)
+ (pcre_free)(new_recursive.offset_save);
+
+Index: testdata/testoutput11
+===================================================================
+--- testdata/testoutput11 (revision 681)
++++ testdata/testoutput11 (revision 682)
+@@ -1259,4 +1259,12 @@
+ MK: any
+ name
+
++/(?>(?&t)c|(?&t))(?(DEFINE)(?<t>a|b(*PRUNE)c))/
++ a
++ 0: a
++ ba
++ 0: a
++ bba
++ 0: a
++
+ /-- End of testinput11 --/
+Index: testdata/testinput7
+===================================================================
+--- testdata/testinput7 (revision 681)
++++ testdata/testinput7 (revision 682)
+@@ -4699,4 +4699,8 @@
+ /(?(R)a*(?1)|((?R))b)/
+ aaaabcde
+
++/(a+)/
++ \O6aaaa
++ \O8aaaa
++
+ /-- End of testinput7 --/
+Index: testdata/testoutput7
+===================================================================
+--- testdata/testoutput7 (revision 681)
++++ testdata/testoutput7 (revision 682)
+@@ -7846,4 +7846,16 @@
+ aaaabcde
+ Error -26 (nested recursion at the same subject position)
+
++/(a+)/
++ \O6aaaa
++Matched, but too many subsidiary matches
++ 0: aaaa
++ 1: aaa
++ 2: aa
++ \O8aaaa
++ 0: aaaa
++ 1: aaa
++ 2: aa
++ 3: a
++
+ /-- End of testinput7 --/
+Index: testdata/testinput11
+===================================================================
+--- testdata/testinput11 (revision 681)
++++ testdata/testinput11 (revision 682)
+@@ -670,4 +670,9 @@
+ name)/K
+ abc
+
++/(?>(?&t)c|(?&t))(?(DEFINE)(?<t>a|b(*PRUNE)c))/
++ a
++ ba
++ bba
++
+ /-- End of testinput11 --/
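Review bot: The relocated `md->recursive = new_recursive.prevrec;` in the pcre_exec.c part of this backport has no comment explaining why the restore must run before the `rrc` check, so a later tidy-up could move it back into the match branch and bring back the loop and bogus Error -26 that the r681 log describes. I would add above it `/* Restore the caller's recursion record on every return from the group, not only on a match: (*PRUNE) and similar non-standard returns must not leave md->recursive pointing at new_recursive. */`. The new testinput11 cases exercise only (*PRUNE) although the log says "any other control", so a case using another backtracking verb would pin the wider claim. The testdata hunks are diffs from revision 681 to 682, yet the patch header names only r680 and r681; listing r682 there would make the backport's upstream provenance complete. The recursion loop around these lines starts and ends outside the hunk, so how the no-match path continues cannot be confirmed from here.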
diff --git a/pcre.spec b/pcre.spec
index c3c1f66..8b53576 100644
--- a/pcre.spec
+++ b/pcre.spec
@@ -1,6 +1,6 @@
Name: pcre
Version: 8.13
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Perl-compatible regular expression library
Group: System Environment/Libraries
License: BSD
@@ -11,6 +11,10 @@ Patch0: pcre-8.10-multilib.patch
Patch1: pcre-8.12-refused_spelling_terminated.patch
# Upstream bug #1136 fixed after 8.13, rhbz #732368
Patch2: pcre-8.13-named_class_tokenizer.patch
+# Upstream bug
+# <https://lists.exim.org/lurker/message/20110904.203623.a32346f3.en.html>
+# fixed after 8.13, rhbz #735720
+Patch3: pcre-8.13-infinite_prune.patch
BuildRequires: readline-devel
# New libtool to get rid of rpath
BuildRequires: autoconf, automake, libtool
@@ -52,6 +56,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
libtoolize --copy --force && autoreconf
%patch1 -p1 -b .terminated_typos
%patch2 -p1 -b .named_class_tokenizer
+%patch3 -p0 -b .infinite_prune
# One contributor's name is non-UTF-8
for F in ChangeLog; do
iconv -f latin1 -t utf8 "$F" >"${F}.utf8"
@@ -113,6 +118,9 @@ make check
%{_mandir}/man1/pcretest.*
%changelog
+* Tue Sep 06 2011 Petr Pisar <ppisar at redhat.com> - 8.13-4
+- Fix infinite matching PRUNE (bug #735720)
+
* Mon Aug 22 2011 Petr Pisar <ppisar at redhat.com> - 8.13-3
- Fix parsing named class in expression (bug #732368)