ICU-13631 Regex Address Sanitizer fix.
X-SVN-Rev: 41086
This commit is contained in:
Andy Heninger
parent
8da6ef1776
commit
193aa17f08
@ -438,7 +438,7 @@ RegexMatcher &RegexMatcher::appendReplacement(UText *dest,
|
||||
status = U_REGEX_INVALID_CAPTURE_GROUP_NAME;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
} else if (u_isdigit(nextChar)) {
|
||||
// $n Scan for a capture group number
|
||||
int32_t numCaptureGroups = fPattern->fGroupMap->size();
|
||||
@ -459,7 +459,7 @@ RegexMatcher &RegexMatcher::appendReplacement(UText *dest,
|
||||
break;
|
||||
}
|
||||
(void)UTEXT_NEXT32(replacement);
|
||||
groupNum=groupNum*10 + nextDigitVal;
|
||||
groupNum=groupNum*10 + nextDigitVal;
|
||||
++numDigits;
|
||||
}
|
||||
} else {
|
||||
@ -2187,7 +2187,7 @@ int32_t RegexMatcher::split(UText *input,
|
||||
break;
|
||||
}
|
||||
i++;
|
||||
dest[i] = utext_extract_replace(fInputText, dest[i],
|
||||
dest[i] = utext_extract_replace(fInputText, dest[i],
|
||||
start64(groupNum, status), end64(groupNum, status), &status);
|
||||
}
|
||||
|
||||
@ -5469,7 +5469,7 @@ GC_Done:
|
||||
if (lbStartIdx < 0) {
|
||||
// First time through loop.
|
||||
lbStartIdx = fp->fInputIdx - minML;
|
||||
if (lbStartIdx > 0) {
|
||||
if (lbStartIdx > 0 && lbStartIdx < fInputLength) {
|
||||
U16_SET_CP_START(inputBuf, 0, lbStartIdx);
|
||||
}
|
||||
} else {
|
||||
@ -5546,7 +5546,7 @@ GC_Done:
|
||||
if (lbStartIdx < 0) {
|
||||
// First time through loop.
|
||||
lbStartIdx = fp->fInputIdx - minML;
|
||||
if (lbStartIdx > 0) {
|
||||
if (lbStartIdx > 0 && lbStartIdx < fInputLength) {
|
||||
U16_SET_CP_START(inputBuf, 0, lbStartIdx);
|
||||
}
|
||||
} else {
|
||||
@ -5818,3 +5818,4 @@ UOBJECT_DEFINE_RTTI_IMPLEMENTATION(RegexMatcher)
|
||||
U_NAMESPACE_END
|
||||
|
||||
#endif // !UCONFIG_NO_REGULAR_EXPRESSIONS
|
||||
|
||||
|
||||
@ -39,6 +39,7 @@
|
||||
#include "unicode/ustring.h"
|
||||
#include "unicode/utext.h"
|
||||
#include "unicode/utf16.h"
|
||||
#include "cstr.h"
|
||||
#include "regextst.h"
|
||||
#include "regexcmp.h"
|
||||
#include "uvector.h"
|
||||
@ -101,6 +102,7 @@ void RegexTest::runIndexedTest( int32_t index, UBool exec, const char* &name, ch
|
||||
TESTCASE_AUTO(NamedCapture);
|
||||
TESTCASE_AUTO(NamedCaptureLimits);
|
||||
TESTCASE_AUTO(TestBug12884);
|
||||
TESTCASE_AUTO(TestBug13631);
|
||||
TESTCASE_AUTO_END;
|
||||
}
|
||||
|
||||
@ -5806,4 +5808,28 @@ void RegexTest::TestBug12884() {
|
||||
REGEX_ASSERT(status == U_REGEX_TIME_OUT);
|
||||
}
|
||||
|
||||
// Bug 13631. A find() of a pattern with a zero length look-behind assertions
|
||||
// can cause a read past the end of the input text.
|
||||
// The failure is seen when running this test with Clang's Addresss Sanitizer.
|
||||
|
||||
void RegexTest::TestBug13631() {
|
||||
const UChar *pats[] = { u"(?<!^)",
|
||||
u"(?<=^)",
|
||||
nullptr
|
||||
};
|
||||
for (const UChar **pat=pats; *pat; ++pat) {
|
||||
UErrorCode status = U_ZERO_ERROR;
|
||||
UnicodeString upat(*pat);
|
||||
RegexMatcher matcher(upat, 0, status);
|
||||
const UChar s =u'a';
|
||||
UText *ut = utext_openUChars(nullptr, &s, 1, &status);
|
||||
REGEX_CHECK_STATUS;
|
||||
matcher.reset(ut);
|
||||
while (matcher.find()) {
|
||||
}
|
||||
utext_close(ut);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#endif /* !UCONFIG_NO_REGULAR_EXPRESSIONS */
|
||||
|
||||
@ -57,6 +57,7 @@ public:
|
||||
virtual void TestBug11371();
|
||||
virtual void TestBug11480();
|
||||
virtual void TestBug12884();
|
||||
virtual void TestBug13631();
|
||||
|
||||
// The following functions are internal to the regexp tests.
|
||||
virtual void assertUText(const char *expected, UText *actual, const char *file, int line);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user