ppisar pushed to pcre (f20). "Fix compliation of mutual recursion inside a lookbehind assertion"

notifications at fedoraproject.org notifications at fedoraproject.org
Fri Apr 10 13:47:18 UTC 2015 

>From 1e0eac5695c97e061a7c1a97fb0b8e8f87c06348 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
Date: Thu, 9 Apr 2015 18:29:37 +0200
Subject: Fix compliation of mutual recursion inside a lookbehind assertion


diff --git a/pcre-8.33-Fix-a-bug-concerned-with-scanning-for-empty-string-m.patch b/pcre-8.33-Fix-a-bug-concerned-with-scanning-for-empty-string-m.patch
new file mode 100644
index 0000000..c5478f8
--- /dev/null
+++ b/pcre-8.33-Fix-a-bug-concerned-with-scanning-for-empty-string-m.patch
@@ -0,0 +1,160 @@
+From 03efd00a6f2e015228d88a36c8d1de05e97e43e9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Fri, 10 Apr 2015 14:23:51 +0200
+Subject: [PATCH] Fix a bug concerned with scanning for empty string matching.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is part of upstream commit ported to 8.33:
+
+commit 74d96caf6251eff2f6c6a3e879268ce2d2a6c9be
+Author: ph10 <ph10 at 2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date:   Fri Jul 5 10:38:37 2013 +0000
+
+    Implement PCRE_INFO_MATCH_EMPTY and fix 2 bugs concerned with scanning for
+    empty string matching.
+
+    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1348 2f5784b3-3f2a-0410-8824-
+cb99058d5e15
+
+Signed-off-by: Petr Písař <ppisar at redhat.com>
+---
+ pcre_compile.c | 67 ++++++++++++++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 51 insertions(+), 16 deletions(-)
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 0b7d4cf..7e4c7e8 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -2353,15 +2353,23 @@ Arguments:
+   endcode     points to where to stop
+   utf         TRUE if in UTF-8 / UTF-16 / UTF-32 mode
+   cd          contains pointers to tables etc.
++  recurses    chain of recurse_check to catch mutual recursion
+ 
+ Returns:      TRUE if what is matched could be empty
+ */
+ 
++typedef struct recurse_check {
++  struct recurse_check *prev;
++  const pcre_uchar *group;
++} recurse_check;    
++
+ static BOOL
+ could_be_empty_branch(const pcre_uchar *code, const pcre_uchar *endcode,
+-  BOOL utf, compile_data *cd)
++  BOOL utf, compile_data *cd, recurse_check *recurses)
+ {
+ register pcre_uchar c;
++recurse_check this_recurse;
++
+ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
+      code < endcode;
+      code = first_significant_code(code + PRIV(OP_lengths)[c], TRUE))
+@@ -2389,25 +2397,50 @@ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
+ 
+   if (c == OP_RECURSE)
+     {
+-    const pcre_uchar *scode;
++    const pcre_uchar *scode = cd->start_code + GET(code, 1);
+     BOOL empty_branch;
+ 
+-    /* Test for forward reference */
++    /* Test for forward reference or uncompleted reference. This is disabled
++    when called to scan a completed pattern by setting cd->start_workspace to
++    NULL. */
+ 
+-    for (scode = cd->start_workspace; scode < cd->hwm; scode += LINK_SIZE)
+-      if ((int)GET(scode, 0) == (int)(code + 1 - cd->start_code)) return TRUE;
++    if (cd->start_workspace != NULL)
++      { 
++      const pcre_uchar *tcode; 
++      for (tcode = cd->start_workspace; tcode < cd->hwm; tcode += LINK_SIZE)
++        if ((int)GET(tcode, 0) == (int)(code + 1 - cd->start_code)) return TRUE;
++      if (GET(scode, 1) == 0) return TRUE;    /* Unclosed */
++      }
++    
++    /* If we are scanning a completed pattern, there are no forward references 
++    and all groups are complete. We need to detect whether this is a recursive 
++    call, as otherwise there will be an infinite loop. If it is a recursion,
++    just skip over it. Simple recursions are easily detected. For mutual 
++    recursions we keep a chain on the stack. */ 
++     
++    else
++      {  
++      recurse_check *r = recurses;
++      const pcre_uchar *endgroup = scode;
++       
++      do endgroup += GET(endgroup, 1); while (*endgroup == OP_ALT);
++      if (code >= scode && code <= endgroup) continue;  /* Simple recursion */
++      
++      for (r = recurses; r != NULL; r = r->prev)
++        if (r->group == scode) break;
++      if (r != NULL) continue;   /* Mutual recursion */
++      }
+ 
+-    /* Not a forward reference, test for completed backward reference */
++    /* Completed reference; scan the referenced group, remembering it on the
++    stack chain to detect mutual recursions. */
+ 
+     empty_branch = FALSE;
+-    scode = cd->start_code + GET(code, 1);
+-    if (GET(scode, 1) == 0) return TRUE;    /* Unclosed */
+-
+-    /* Completed backwards reference */
+-
++    this_recurse.prev = recurses;
++    this_recurse.group = scode; 
++     
+     do
+       {
+-      if (could_be_empty_branch(scode, endcode, utf, cd))
++      if (could_be_empty_branch(scode, endcode, utf, cd, &this_recurse))
+         {
+         empty_branch = TRUE;
+         break;
+@@ -2463,7 +2496,7 @@ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
+       empty_branch = FALSE;
+       do
+         {
+-        if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd))
++        if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd, NULL))
+           empty_branch = TRUE;
+         code += GET(code, 1);
+         }
+@@ -2659,7 +2692,7 @@ could_be_empty(const pcre_uchar *code, const pcre_uchar *endcode,
+ {
+ while (bcptr != NULL && bcptr->current_branch >= code)
+   {
+-  if (!could_be_empty_branch(bcptr->current_branch, endcode, utf, cd))
++  if (!could_be_empty_branch(bcptr->current_branch, endcode, utf, cd, NULL))
+     return FALSE;
+   bcptr = bcptr->outer;
+   }
+@@ -5398,7 +5431,7 @@ for (;; ptr++)
+             pcre_uchar *scode = bracode;
+             do
+               {
+-              if (could_be_empty_branch(scode, ketcode, utf, cd))
++              if (could_be_empty_branch(scode, ketcode, utf, cd, NULL))
+                 {
+                 *bracode += OP_SBRA - OP_BRA;
+                 break;
+@@ -8231,10 +8264,12 @@ if (cd->hwm > cd->start_workspace)
+     }
+   }
+ 
+-/* If the workspace had to be expanded, free the new memory. */
++/* If the workspace had to be expanded, free the new memory. Set the pointer to 
++NULL to indicate that forward references have been filled in. */
+ 
+ if (cd->workspace_size > COMPILE_WORK_SIZE)
+   (PUBL(free))((void *)cd->start_workspace);
++cd->start_workspace = NULL;   
+ 
+ /* Give an error if there's back reference to a non-existent capturing
+ subpattern. */
+-- 
+2.1.0
+
diff --git a/pcre-8.33-Fix-stack-overflow-instead-of-diagnostic-for-mutual-.patch b/pcre-8.33-Fix-stack-overflow-instead-of-diagnostic-for-mutual-.patch
new file mode 100644
index 0000000..0f8f6d1
--- /dev/null
+++ b/pcre-8.33-Fix-stack-overflow-instead-of-diagnostic-for-mutual-.patch
@@ -0,0 +1,146 @@
+From 519375fc19700ada5543e1f3eeaece6a25989e89 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Thu, 9 Apr 2015 18:35:04 +0200
+Subject: [PATCH] Fix stack overflow instead of diagnostic for mutual recursion
+ inside a lookbehind assertion.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upstream commit porter to 8.33:
+
+commit 256d94987eecd7eb87b37e1c981a4e753ed8ab7a
+Author: ph10 <ph10 at 2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date:   Wed Apr 1 15:43:53 2015 +0000
+
+    Fix stack overflow instead of diagnostic for mutual recursion inside a
+    lookbehind assertion.
+
+    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1542 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Signed-off-by: Petr Písař <ppisar at redhat.com>
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 7e4c7e8..a6e6f2d 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -648,6 +648,14 @@ static const pcre_uint8 ebcdic_chartab[] = { /* chartable partial dup */
+ #endif
+ 
+ 
++/* Structure for mutual recursion detection. */
++
++typedef struct recurse_check {
++  struct recurse_check *prev;
++  const pcre_uchar *group;
++} recurse_check;
++
++
+ 
+ /*************************************************
+ *            Find an error text                  *
+@@ -1733,6 +1741,7 @@ Arguments:
+   utf      TRUE in UTF-8 / UTF-16 / UTF-32 mode
+   atend    TRUE if called when the pattern is complete
+   cd       the "compile data" structure
++  recurses    chain of recurse_check to catch mutual recursion
+ 
+ Returns:   the fixed length,
+              or -1 if there is no fixed length,
+@@ -1742,10 +1751,11 @@ Returns:   the fixed length,
+ */
+ 
+ static int
+-find_fixedlength(pcre_uchar *code, BOOL utf, BOOL atend, compile_data *cd)
++find_fixedlength(pcre_uchar *code, BOOL utf, BOOL atend, compile_data *cd,
++  recurse_check *recurses)
+ {
+ int length = -1;
+-
++recurse_check this_recurse;
+ register int branchlength = 0;
+ register pcre_uchar *cc = code + 1 + LINK_SIZE;
+ 
+@@ -1770,7 +1780,8 @@ for (;;)
+     case OP_ONCE:
+     case OP_ONCE_NC:
+     case OP_COND:
+-    d = find_fixedlength(cc + ((op == OP_CBRA)? IMM2_SIZE : 0), utf, atend, cd);
++    d = find_fixedlength(cc + ((op == OP_CBRA)? IMM2_SIZE : 0), utf, atend, cd,
++      recurses);
+     if (d < 0) return d;
+     branchlength += d;
+     do cc += GET(cc, 1); while (*cc == OP_ALT);
+@@ -1804,7 +1815,15 @@ for (;;)
+     cs = ce = (pcre_uchar *)cd->start_code + GET(cc, 1);  /* Start subpattern */
+     do ce += GET(ce, 1); while (*ce == OP_ALT);           /* End subpattern */
+     if (cc > cs && cc < ce) return -1;                    /* Recursion */
+-    d = find_fixedlength(cs + IMM2_SIZE, utf, atend, cd);
++    else   /* Check for mutual recursion */
++      {
++      recurse_check *r = recurses;
++      for (r = recurses; r != NULL; r = r->prev) if (r->group == cs) break;
++      if (r != NULL) return -1;   /* Mutual recursion */
++      }
++    this_recurse.prev = recurses;
++    this_recurse.group = cs;
++    d = find_fixedlength(cs + IMM2_SIZE, utf, atend, cd, &this_recurse);
+     if (d < 0) return d;
+     branchlength += d;
+     cc += 1 + LINK_SIZE;
+@@ -2358,11 +2377,6 @@ Arguments:
+ Returns:      TRUE if what is matched could be empty
+ */
+ 
+-typedef struct recurse_check {
+-  struct recurse_check *prev;
+-  const pcre_uchar *group;
+-} recurse_check;    
+-
+ static BOOL
+ could_be_empty_branch(const pcre_uchar *code, const pcre_uchar *endcode,
+   BOOL utf, compile_data *cd, recurse_check *recurses)
+@@ -7301,7 +7315,7 @@ for (;;)
+       int fixed_length;
+       *code = OP_END;
+       fixed_length = find_fixedlength(last_branch,  (options & PCRE_UTF8) != 0,
+-        FALSE, cd);
++        FALSE, cd, NULL);
+       DPRINTF(("fixed length = %d\n", fixed_length));
+       if (fixed_length == -3)
+         {
+@@ -8304,7 +8318,7 @@ if (cd->check_lookbehind)
+       int end_op = *be;
+       *be = OP_END;
+       fixed_length = find_fixedlength(cc, (re->options & PCRE_UTF8) != 0, TRUE,
+-        cd);
++        cd, NULL);
+       *be = end_op;
+       DPRINTF(("fixed length = %d\n", fixed_length));
+       if (fixed_length < 0)
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index aba73af..b23fe6b 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -3845,4 +3845,6 @@ backtracking verbs. --/
+ "(?(?=)?==)(((((((((?=)))))))))"
+     a
+ 
++"(?<=((?2))((?1)))"
++
+ /-- End of testinput2 --/
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 0dcc5f9..028b100 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -12699,4 +12699,7 @@ Error -21 (recursion limit exceeded)
+     a
+ No match
+ 
++"(?<=((?2))((?1)))"
++Failed: lookbehind assertion is not fixed length at offset 17
++
+ /-- End of testinput2 --/
+-- 
+2.1.0
+
diff --git a/pcre.spec b/pcre.spec
index f540d6d..80862ae 100644
--- a/pcre.spec
+++ b/pcre.spec
@@ -43,6 +43,13 @@ Patch10: pcre-8.33-Fix-memory-bug-for-S-V-H-compile.patch
 # Fix compilation of a parenthesized comment, bug #1210410,
 # in upstream after 8.36
 Patch11: pcre-8.36-Fix-comment-between-subroutine-call-and-quantifier-b.patch
+# Fix checking if a group can match empty string. Needed for
+# Fix-stack-overflow-instead-of-diagnostic-for-mutual patch. Bug #1210417,
+# in upstream after 8.33
+Patch12: pcre-8.33-Fix-a-bug-concerned-with-scanning-for-empty-string-m.patch
+# Fix compliation of mutual recursion inside a lookbehind assertion,
+# bug #1210417, in upstream after 8.36
+Patch13: pcre-8.33-Fix-stack-overflow-instead-of-diagnostic-for-mutual-.patch
 BuildRequires: readline-devel
 # New libtool to get rid of rpath
 BuildRequires: autoconf, automake, libtool
@@ -94,6 +101,8 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch9 -p1 -b .zero_repeat_assertion
 %patch10 -p1 -b .size_special_class
 %patch11 -p1 -b .parenthesized_comment
+%patch12 -p1 -b .empty_string_check
+%patch13 -p1 -b .mutual_recursion_in_assertion
 # Because of rpath patch
 libtoolize --copy --force && autoreconf -vif
 # One contributor's name is non-UTF-8
@@ -161,6 +170,8 @@ make check
 - Fix computing size for pattern with a negated special calss in on-UCP mode
   (bug #1210383)
 - Fix compilation of a parenthesized comment (bug #1210410)
+- Fix compliation of mutual recursion inside a lookbehind assertion
+  (bug #1210417)
 
 * Tue Dec 02 2014 Petr Pisar <ppisar at redhat.com> - 8.33-8
 - Fix CVE-2014-8964 (unused memory usage on zero-repeat assertion condition)
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/pcre.git/commit/?h=f20&id=1e0eac5695c97e061a7c1a97fb0b8e8f87c06348

More information about the scm-commits mailing list