]> granicus.if.org Git - onig/commitdiff
projects / onig / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 402c398)
fix fatal endless loop found by libfuzzer
authorK.Kosako <kosako@sofnec.co.jp>
Mon, 29 Jul 2019 06:49:51 +0000 (15:49 +0900)
committerK.Kosako <kosako@sofnec.co.jp>
Mon, 29 Jul 2019 06:49:51 +0000 (15:49 +0900)
src/regexec.c patch | blob | history

diff --git a/src/regexec.c b/src/regexec.c
index e7818e0b1ff973d691c079690d631d116cfbebc4..a79c0b3cafee2ecebb7c0fa7b41de6e569b9b06e 100644 (file)
--- a/src/regexec.c
+++ b/src/regexec.c
@@ -1950,9 +1950,10 @@ stack_double(int is_alloca, char** arg_alloc_base,
         }\
         else {\
           UChar* endp;\
+          int level = 0;\
           (isnull) = 1;\
           while (k < stk) {\
-            if (k->type == STK_MEM_START) {\
+            if (k->type == STK_MEM_START && level == 0) {\
               STACK_MEM_START_GET_PREV_END_ADDR(k, reg, endp);\
               if (endp == 0) {\
                 (isnull) = 0; break;\
@@ -1964,6 +1965,12 @@ stack_double(int is_alloca, char** arg_alloc_base,
                 (isnull) = -1; /* empty, but position changed */ \
               }\
             }\
+            else if (k->type == STK_PREC_READ_START) {\
+              level++;\
+            }\
+            else if (k->type == STK_PREC_READ_END) {\
+              level--;\
+            }\
             k++;\
           }\
           break;\
@@ -1988,10 +1995,11 @@ stack_double(int is_alloca, char** arg_alloc_base,
           }\
           else {\
             UChar* endp;\
+            int prec_level = 0;\
             (isnull) = 1;\
             while (k < stk) {\
               if (k->type == STK_MEM_START) {\
-                if (level == 0) {\
+                if (level == 0 && prec_level == 0) {\
                   STACK_MEM_START_GET_PREV_END_ADDR(k, reg, endp);\
                   if (endp == 0) {\
                     (isnull) = 0; break;\
@@ -2010,6 +2018,12 @@ stack_double(int is_alloca, char** arg_alloc_base,
               else if (k->type == STK_EMPTY_CHECK_END) {\
                 if (k->zid == (sid)) level--;\
               }\
+              else if (k->type == STK_PREC_READ_START) {\
+                prec_level++;\
+              }\
+              else if (k->type == STK_PREC_READ_END) {\
+                prec_level--;\
+              }\
               k++;\
             }\
             break;\
Unnamed repository; edit this file 'description' to name the repository.