diff options
author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-12-08 11:06:40 +0000 |
---|---|---|
committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-12-08 11:06:40 +0000 |
commit | 4f47274a2eb10131d88145ad7fd0eed4027a0c51 (patch) | |
tree | 8b09852db2ab19a579902db89e4a7ee3bab8fc66 | |
parent | 40363ebc19baeab160abaaa55dc84322a89ac35a (diff) | |
download | pcre-4f47274a2eb10131d88145ad7fd0eed4027a0c51.tar.gz |
Fix get_substring_list() bug when \K is used in an assertion.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1620 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | pcre_get.c | 7 | ||||
-rw-r--r-- | testdata/testinput2 | 3 | ||||
-rw-r--r-- | testdata/testoutput2 | 6 |
4 files changed, 17 insertions, 2 deletions
@@ -40,6 +40,9 @@ Version 8.39 xx-xxxxxx-201x group that reset capture numbers (compare 8.38/7 below). Once again, I have just allowed for more memory, even if not needed. (A proper fix is implemented in PCRE2, but it involves a lot of refactoring.) + +10. pcre_get_substring_list() crashed if the use of \K in a match caused the + start of the match to be earlier than the end. Version 8.38 23-November-2015 @@ -461,7 +461,10 @@ pcre_uchar **stringlist; pcre_uchar *p; for (i = 0; i < double_count; i += 2) - size += sizeof(pcre_uchar *) + IN_UCHARS(ovector[i+1] - ovector[i] + 1); + { + size += sizeof(pcre_uchar *) + IN_UCHARS(1); + if (ovector[i+1] > ovector[i]) size += IN_UCHARS(ovector[i+1] - ovector[i]); + } stringlist = (pcre_uchar **)(PUBL(malloc))(size); if (stringlist == NULL) return PCRE_ERROR_NOMEMORY; @@ -477,7 +480,7 @@ p = (pcre_uchar *)(stringlist + stringcount + 1); for (i = 0; i < double_count; i += 2) { - int len = ovector[i+1] - ovector[i]; + int len = (ovector[i+1] > ovector[i])? (ovector[i+1] - ovector[i]) : 0; memcpy(p, subject + ovector[i], IN_UCHARS(len)); *stringlist++ = p; p += len; diff --git a/testdata/testinput2 b/testdata/testinput2 index 00ffe32..967a241 100644 --- a/testdata/testinput2 +++ b/testdata/testinput2 @@ -4232,4 +4232,7 @@ backtracking verbs. --/ /(?<A>)(?J:(?<B>)(?<B>))(?<C>)/ \O\CC +/(?=a\K)/ + ring bpattingbobnd $ 1,oern cou \rb\L + /-- End of testinput2 --/ diff --git a/testdata/testoutput2 b/testdata/testoutput2 index ffb4466..5fb28d5 100644 --- a/testdata/testoutput2 +++ b/testdata/testoutput2 @@ -14644,4 +14644,10 @@ No match Matched, but too many substrings copy substring C failed -7 +/(?=a\K)/ + ring bpattingbobnd $ 1,oern cou \rb\L +Start of matched string is beyond its end - displaying from end to start. + 0: a + 0L + /-- End of testinput2 --/ |