From fbb9dc823a06b4815ee8fd8632fc475b8034e379 Mon Sep 17 00:00:00 2001 From: Yves Orton Date: Fri, 27 Jan 2017 10:18:51 +0100 Subject: [PATCH] fix RT #130561 - recursion and optimising away impossible quantifiers are not friends MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ported to 5.24.1: commit 31fc93954d1f379c7a49889d91436ce99818e1f6 Author: Yves Orton Date: Fri Jan 27 10:18:51 2017 +0100 fix RT #130561 - recursion and optimising away impossible quantifiers are not friends Instead of optimising away impossible quantifiers like (foo){1,0} treat them as unquantified, and guard them with an OPFAIL. Thus /(foo){1,0}/ is treated the same as /(*FAIL)(foo)/ this is important in patterns like /(foo){1,0}|(?1)/ where the (?1) needs to be able to recurse into the (foo) even though the (foo){1,0} can never match. It also resolves various issues (SEGVs) with patterns like /((?1)){1,0}/. This patch would have been easier if S_reginsert() documented that it is the callers responsibility to properly set up the NEXT_OFF() of the inserted node (if the node has a NEXT_OFF()) Signed-off-by: Petr Písař --- regcomp.c | 14 +++----------- t/re/pat_rt_report.t | 11 ++++++++++- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/regcomp.c b/regcomp.c index bcb8db5..9f343d3 100644 --- a/regcomp.c +++ b/regcomp.c @@ -11497,19 +11497,11 @@ S_regpiece(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth) nextchar(pRExC_state); if (max < min) { /* If can't match, warn and optimize to fail unconditionally */ - if (SIZE_ONLY) { - - /* We can't back off the size because we have to reserve - * enough space for all the things we are about to throw - * away, but we can shrink it by the amount we are about - * to re-use here */ - RExC_size += PREVOPER(RExC_size) - regarglen[(U8)OPFAIL]; - } - else { + if (PASS2) { ckWARNreg(RExC_parse, "Quantifier {n,m} with n > m can't match"); - RExC_emit = orig_emit; } - ret = reganode(pRExC_state, OPFAIL, 0); + reginsert(pRExC_state, OPFAIL, orig_emit, depth+1); + NEXT_OFF(orig_emit)= regarglen[OPFAIL] + NODE_STEP_REGNODE; return ret; } else if (min == max && *RExC_parse == '?') diff --git a/t/re/pat_rt_report.t b/t/re/pat_rt_report.t index cb02ad2..2c1dbc4 100644 --- a/t/re/pat_rt_report.t +++ b/t/re/pat_rt_report.t @@ -20,7 +20,7 @@ use warnings; use 5.010; use Config; -plan tests => 2500; # Update this when adding/deleting tests. +plan tests => 2502; # Update this when adding/deleting tests. run_tests() unless caller; @@ -1113,6 +1113,15 @@ EOP my $s = "\x{1ff}" . "f" x 32; ok($s =~ /\x{1ff}[[:alpha:]]+/gca, "POSIXA pointer wrap"); } + { + # rt + fresh_perl_is( + '"foo"=~/((?1)){8,0}/; print "ok"', + "ok", {}, 'RT #130561 - allowing impossible quantifier should not cause SEGVs'); + my $s= "foo"; + ok($s=~/(foo){1,0}|(?1)/, + "RT #130561 - allowing impossible quantifier should not break recursion"); + } } # End of sub run_tests 1; -- 2.7.4