From aae67c0e3a4d8f1d62700ec4788929b1e2267149 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Sat, 16 May 2015 11:05:40 +0000
Subject: [PATCH 2/3] Fix named forward reference to duplicate group number
overflow bug.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Port to 8.32:
commit 2fa78aa4e42bcebf2d616c4ee89c012f29dc3447
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Sat May 16 11:05:40 2015 +0000
Fix named forward reference to duplicate group number overflow bug.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1559 2f5784b3-3f2a-0410-8824-cb99058d5e15
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pcre_compile.c | 8 ++++++++
testdata/testinput1 | 3 +++
testdata/testoutput1 | 5 +++++
3 files changed, 16 insertions(+)
diff --git a/pcre_compile.c b/pcre_compile.c
index 4506e56..6777542 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -6300,6 +6300,14 @@ for (;; ptr++)
16-bit data item. */
*lengthptr += IMM2_SIZE;
+
+ /* If this is a forward reference and we are within a (?|...) group,
+ the reference may end up as the number of a group which we are
+ currently inside, that is, it could be a recursive reference. In the
+ real compile this will be picked up and the reference wrapped with
+ OP_ONCE to make it atomic, so we must space in case this occurs. */
+
+ if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
}
/* In the real compile, seek the name in the table. We check the name
diff --git a/testdata/testinput1 b/testdata/testinput1
index c45e1ba..9f513f6 100644
--- a/testdata/testinput1
+++ b/testdata/testinput1
@@ -5327,4 +5327,7 @@ name were given. ---/
/(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/
1234abcd
+"(?|(\k'Pm')|(?'Pm'))"
+ abcd
+
/-- End of testinput1 --/
diff --git a/testdata/testoutput1 b/testdata/testoutput1
index f0eae49..0fbff41 100644
--- a/testdata/testoutput1
+++ b/testdata/testoutput1
@@ -8834,4 +8834,9 @@ No match
4: <unset>
5:
+"(?|(\k'Pm')|(?'Pm'))"
+ abcd
+ 0:
+ 1:
+
/-- End of testinput1 --/
--
2.5.5