Sophie

perl-5.20.1-8.7.mga5.src.rpm

From 22b433eff9a1ffa2454e18405a56650f07b385b5 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Wed, 16 Sep 2015 14:34:31 -0600
Subject: [PATCH] PATCH [perl #123562] Regexp-matching "hangs"

The regex engine got into an infinite loop because of the malformation.
It is trying to back-up over a sequence of UTF-8 continuation bytes.
But the character just before the sequence should be a start byte.  If
not, there is a malformation.  I added a test to croak if that isn't the
case so that it doesn't just infinitely loop.  I did this also in the
similar areas of regexec.c.

Comments long ago added to the code suggested that we check for
malformations in the vicinity of the new tests.  But that was never
done.  These new tests should be good enough to prevent looping, anyway.
---
 regexec.c  | 12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletion(-)

diff --git a/regexec.c b/regexec.c
index c88f467..1aa0c47 100644
--- a/regexec.c
+++ b/regexec.c
@@ -7864,6 +7864,10 @@ S_reghop3(U8 *s, SSize_t off, const U8* lim)
             if (UTF8_IS_CONTINUED(*s)) {
                 while (s > lim && UTF8_IS_CONTINUATION(*s))
                     s--;
+                if (! UTF8_IS_START(*s)) {
+                    dTHX;
+                    Perl_croak(aTHX_ "Malformed UTF-8 character (fatal)");
+                }
 	    }
             /* XXX could check well-formedness here */
 	}
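Review bot: the new check in S_reghop3 cannot tell why the preceding loop stopped. `while (s > lim && UTF8_IS_CONTINUATION(*s))` exits either on a non-continuation byte or because `s` reached `lim`. In the second case `*s` may still be a continuation byte, so the croak also fires when `lim` falls in the middle of a character. If that is intended, say so in a comment above the `if`. If callers can legitimately pass such a `lim`, guard the test with `s > lim` or handle the boundary case separately.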
@@ -7890,6 +7894,10 @@ S_reghop4(U8 *s, SSize_t off, const U8* llim, const U8* rlim)
             if (UTF8_IS_CONTINUED(*s)) {
                 while (s > llim && UTF8_IS_CONTINUATION(*s))
                     s--;
+                if (! UTF8_IS_START(*s)) {
+                    dTHX;
+                    Perl_croak(aTHX_ "Malformed UTF-8 character (fatal)");
+                }
             }
             /* XXX could check well-formedness here */
         }
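Review bot: the `/* XXX could check well-formedness here */` comment directly after the new block in S_reghop4 is left unchanged, although the commit message says this is the check those comments asked for. Update the comment to state what is now verified (the byte before a run of continuation bytes is a start byte) and what is still not (the number of continuation bytes skipped is never compared with the length the start byte implies), so a later reader does not assume full validation happens here. The same applies to the identical comment in the other two hunks.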
@@ -7921,6 +7929,10 @@ S_reghopmaybe3(U8* s, SSize_t off, const U8* lim)
             if (UTF8_IS_CONTINUED(*s)) {
                 while (s > lim && UTF8_IS_CONTINUATION(*s))
                     s--;
+                if (! UTF8_IS_START(*s)) {
+                    dTHX;
+                    Perl_croak(aTHX_ "Malformed UTF-8 character (fatal)");
+                }
 	    }
             /* XXX could check well-formedness here */
 	}
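Review bot: no regression test accompanies the croak added in S_reghopmaybe3 or in the two hunks above. The diffstat lists only regexec.c, yet the subject line refers to a reproducible hang in [perl #123562]. Please add a test that feeds the regex engine a string whose continuation bytes are not preceded by a start byte and asserts that the match dies with "Malformed UTF-8 character (fatal)" instead of looping. Since the same four-line `if (! UTF8_IS_START(*s))` block now appears three times, consider moving it into one static helper so the check and message cannot drift apart.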
-- 
2.8.1-382-g1352ede