| author | Marshall Clow <mclow.lists@gmail.com> | 2017-10-19 17:39:16 +0000 |
|---|---|---|
| committer | Marshall Clow <mclow.lists@gmail.com> | 2017-10-19 17:39:16 +0000 |
| commit | 52f0885d4323b85cfed79416de9595e7cbb3ce53 (patch) | |
| tree | 8c1b6e8d0077e36f31f5b5ce4e60ebbd350d1a10 /libcxx | |
| parent | ea35e46b71732e13427679313eb445eb291f73bd (diff) | |
Fix UB - signed integer overflow in regex. Thanks to Tim Shen for the patch. Reviewed as https://reviews.llvm.org/D39066
llvm-svn: 316172
Diffstat (limited to 'libcxx')
| -rw-r--r-- | libcxx/include/regex | 2 | ||||
| -rw-r--r-- | libcxx/test/std/re/re.grammar/excessive_brace_count.pass.cpp | 40 |
2 files changed, 42 insertions, 0 deletions
diff --git a/libcxx/include/regex b/libcxx/include/regex
index bd72012040b..80f958e0e19 100644
--- a/libcxx/include/regex
+++ b/libcxx/include/regex
@@ -4064,6 +4064,8 @@ basic_regex<_CharT, _Traits>::__parse_DUP_COUNT(_ForwardIterator __first,
 __first != __last && ( __val = __traits_.value(*__first, 10)) != -1;
 ++__first)
 {
+ if (__c >= std::numeric_limits<int>::max() / 10)
+ __throw_regex_error<regex_constants::error_badbrace>();
 __c *= 10;
 __c += __val;
 }
diff --git a/libcxx/test/std/re/re.grammar/excessive_brace_count.pass.cpp b/libcxx/test/std/re/re.grammar/excessive_brace_count.pass.cpp
new file mode 100644
index 00000000000..7fe5f04f81d
--- /dev/null
+++ b/libcxx/test/std/re/re.grammar/excessive_brace_count.pass.cpp
@@ -0,0 +1,40 @@
+//===----------------------------------------------------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is dual licensed under the MIT and the University of Illinois Open
+// Source Licenses. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+// <regex>
+// UNSUPPORTED: libcpp-no-exceptions
+// UNSUPPORTED: c++03
+
+// the "n" in `a{n}` should be within the numeric limits.
+
+#include <regex>
+#include <cassert>
+
+int main() {
+ for (std::regex_constants::syntax_option_type op :
+ {std::regex::basic, std::regex::grep}) {
+ try {
+ (void)std::regex("a\\{100000000000000000\\}", op);
+ assert(false);
+ } catch (const std::regex_error &e) {
+ assert(e.code() == std::regex_constants::error_badbrace);
+ }
+ }
+ for (std::regex_constants::syntax_option_type op :
+ {std::regex::ECMAScript, std::regex::extended, std::regex::egrep,
+ std::regex::awk}) {
+ try {
+ (void)std::regex("a{100000000000000000}", op);
+ assert(false);
+ } catch (const std::regex_error &e) {
+ assert(e.code() == std::regex_constants::error_badbrace);
+ }
+ }
+ return 0;
+}
|
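Review bot: The new guard in the digit loop of __parse_DUP_COUNT carries no comment explaining why it compares against `max() / 10` with `>=`. The choice is conservative: it throws before `__c *= 10` whenever the multiply-and-add could overflow, but it also rejects the few counts at the very top of the int range that would still fit. Because a pattern string can come from untrusted input, I would record that above the check, e.g. `// Guard before multiplying: __c * 10 + __val must stay within int; '>=' also rejects the last few representable counts.` The loop header and the rest of the function lie outside the hunk, so the initial value of __c is not visible here.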
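Review bot: The test only uses an eighteen-digit count, far beyond any int, so it would still pass if the guard's threshold were off by a digit or used the wrong comparison. A case just past the limit pins the boundary, for example `(void)std::regex("a{2147483648}", op);` expecting `error_badbrace` (the value assumes a 32-bit int). The `{m,n}` form is not exercised either; if its second number goes through the same parser, which is not visible here, `a{1,100000000000000000}` would cover it.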

