From: K.Kosako <kosako@sofnec.co.jp>
Date: Mon, 29 Jul 2019 03:52:56 +0000 (+0900)
Subject: fix #147: Stack Exhaustion Problem caused by some parsing functions in regcomp.c... 
X-Git-Tag: v6.9.3~23
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4097828d7cc87589864fecf452f2cd46c5f37180;p=onig

fix #147: Stack Exhaustion Problem caused by some parsing functions in regcomp.c making recursive calls to themselves.
---

diff --git a/src/regparse.c b/src/regparse.c
index 123d6cb..1a1ef6b 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -6239,6 +6239,7 @@ parse_char_class(Node** np, PToken* tok, UChar** src, UChar* end, ScanEnv* env)
   env->parse_depth++;
   if (env->parse_depth > ParseDepthLimit)
     return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
+
   prev_cc = (CClassNode* )NULL;
   r = fetch_token_in_cc(tok, src, end, env);
   if (r == TK_CHAR && tok->u.c == '^' && tok->escaped == 0) {
@@ -7820,14 +7821,18 @@ static int
 parse_exp(Node** np, PToken* tok, int term, UChar** src, UChar* end,
           ScanEnv* env, int group_head)
 {
-  int r, len, group = 0;
+  int r, len, group;
   Node* qn;
   Node** tp;
+  unsigned int parse_depth;
 
+  group = 0;
   *np = NULL;
   if (tok->type == (enum TokenSyms )term)
     goto end_of_token;
 
+  parse_depth = env->parse_depth;
+
   switch (tok->type) {
   case TK_ALT:
   case TK_EOT:
@@ -8145,6 +8150,10 @@ parse_exp(Node** np, PToken* tok, int term, UChar** src, UChar* end,
       if (is_invalid_quantifier_target(*tp))
         return ONIGERR_TARGET_OF_REPEAT_OPERATOR_INVALID;
 
+      parse_depth++;
+      if (parse_depth > ParseDepthLimit)
+        return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
+
       qn = node_new_quantifier(tok->u.repeat.lower, tok->u.repeat.upper,
                                r == TK_INTERVAL);
       CHECK_NULL_RETURN_MEMERR(qn);