diff options
| author | bellard <6490144+bellard@users.noreply.github.com> | 2020-11-08 14:30:56 +0100 |
|---|---|---|
| committer | bellard <6490144+bellard@users.noreply.github.com> | 2020-11-08 14:30:56 +0100 |
| commit | b1f67dfc1a7372dd665246cf1c203528e5057e42 (patch) | |
| tree | b68346b1d20aa2e709c44a4f7ea902dd3ba6336f /libregexp.c | |
| parent | 7c312df422572cf867f29a1d80693e8a77f7fb2a (diff) | |
| download | quickjs-b1f67dfc1a7372dd665246cf1c203528e5057e42.tar.gz quickjs-b1f67dfc1a7372dd665246cf1c203528e5057e42.zip | |
2020-11-08 release
Diffstat (limited to 'libregexp.c')
| -rw-r--r-- | libregexp.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/libregexp.c b/libregexp.c index bbb5e9d..379bfc7 100644 --- a/libregexp.c +++ b/libregexp.c @@ -75,7 +75,7 @@ typedef struct { int capture_count; int total_capture_count; /* -1 = not computed yet */ int has_named_captures; /* -1 = don't know, 0 = no, 1 = yes */ - void *mem_opaque; + void *opaque; DynBuf group_names; union { char error_msg[TMP_BUF_SIZE]; @@ -230,7 +230,7 @@ static int cr_init_char_range(REParseState *s, CharRange *cr, uint32_t c) invert = c & 1; c_pt = char_range_table[c >> 1]; len = *c_pt++; - cr_init(cr, s->mem_opaque, lre_realloc); + cr_init(cr, s->opaque, lre_realloc); for(i = 0; i < len * 2; i++) { if (cr_add_point(cr, c_pt[i])) goto fail; @@ -625,7 +625,7 @@ static int parse_unicode_property(REParseState *s, CharRange *cr, p++; q = name; while (is_unicode_char(*p)) { - if ((q - name) > sizeof(name) - 1) + if ((q - name) >= sizeof(name) - 1) goto unknown_property_name; *q++ = *p++; } @@ -634,7 +634,7 @@ static int parse_unicode_property(REParseState *s, CharRange *cr, if (*p == '=') { p++; while (is_unicode_char(*p)) { - if ((q - value) > sizeof(value) - 1) + if ((q - value) >= sizeof(value) - 1) return re_parse_error(s, "unknown unicode property value"); *q++ = *p++; } @@ -651,7 +651,7 @@ static int parse_unicode_property(REParseState *s, CharRange *cr, } else if (!strcmp(name, "Script_Extensions") || !strcmp(name, "scx")) { script_ext = TRUE; do_script: - cr_init(cr, s->mem_opaque, lre_realloc); + cr_init(cr, s->opaque, lre_realloc); ret = unicode_script(cr, value, script_ext); if (ret) { cr_free(cr); @@ -661,7 +661,7 @@ static int parse_unicode_property(REParseState *s, CharRange *cr, goto out_of_memory; } } else if (!strcmp(name, "General_Category") || !strcmp(name, "gc")) { - cr_init(cr, s->mem_opaque, lre_realloc); + cr_init(cr, s->opaque, lre_realloc); ret = unicode_general_category(cr, value); if (ret) { cr_free(cr); @@ -671,7 +671,7 @@ static int parse_unicode_property(REParseState *s, CharRange *cr, goto out_of_memory; } } else if (value[0] == '\0') { - cr_init(cr, s->mem_opaque, lre_realloc); + cr_init(cr, s->opaque, lre_realloc); ret = unicode_general_category(cr, name); if (ret == -1) { cr_free(cr); @@ -864,7 +864,7 @@ static int re_parse_char_class(REParseState *s, const uint8_t **pp) CharRange cr1_s, *cr1 = &cr1_s; BOOL invert; - cr_init(cr, s->mem_opaque, lre_realloc); + cr_init(cr, s->opaque, lre_realloc); p = *pp; p++; /* skip '[' */ invert = FALSE; @@ -1147,9 +1147,13 @@ static int re_parse_captures(REParseState *s, int *phas_named_captures, } } capture_index++; + if (capture_index >= CAPTURE_COUNT_MAX) + goto done; } } else { capture_index++; + if (capture_index >= CAPTURE_COUNT_MAX) + goto done; } break; case '\\': @@ -1163,6 +1167,7 @@ static int re_parse_captures(REParseState *s, int *phas_named_captures, break; } } + done: if (capture_name) return -1; else @@ -1734,6 +1739,9 @@ static int re_parse_disjunction(REParseState *s, BOOL is_backward_dir) { int start, len, pos; + if (lre_check_stack_overflow(s->opaque, 0)) + return re_parse_error(s, "stack overflow"); + start = s->byte_code.size; if (re_parse_alternative(s, is_backward_dir)) return -1; @@ -1819,7 +1827,7 @@ uint8_t *lre_compile(int *plen, char *error_msg, int error_msg_size, BOOL is_sticky; memset(s, 0, sizeof(*s)); - s->mem_opaque = opaque; + s->opaque = opaque; s->buf_ptr = (const uint8_t *)buf; s->buf_end = s->buf_ptr + buf_len; s->buf_start = s->buf_ptr; |