summary | refs | log | tree | commit | diff | stats
diff options
context:
space:
mode:
author: Serhiy Storchaka <storchaka@gmail.com>, 2013-02-16 19:25:05 (GMT)
committer: Serhiy Storchaka <storchaka@gmail.com>, 2013-02-16 19:25:05 (GMT)
commit: b0c75a7dec2ae9d514ac8df63a4822215e486e1f (patch)
tree: 3a95c5e15ada6a2fa4613dcb6a6d2336723c25ba
parent: f8def28ff03f3167bd0becabab4dc5d70ee22033 (diff)
parent: fa4681691591429466d18e21d7640e3703ab7f28 (diff)
download: cpython-b0c75a7dec2ae9d514ac8df63a4822215e486e1f.zip
cpython-b0c75a7dec2ae9d514ac8df63a4822215e486e1f.tar.gz
cpython-b0c75a7dec2ae9d514ac8df63a4822215e486e1f.tar.bz2
Issue #9669: Protect re against infinite loops on zero-width matching in
non-greedy repeat. Patch by Matthew Barnett.
-rw-r--r--  Lib/test/test_re.py  9
-rw-r--r--  Misc/NEWS  3
-rw-r--r--  Modules/_sre.c  9
3 files changed, 19 insertions, 2 deletions
diff --git a/Lib/test/test_re.py b/Lib/test/test_re.py
index 9346f8b..f96c3f9 100644
--- a/Lib/test/test_re.py
+++ b/Lib/test/test_re.py
@@ -681,6 +681,15 @@ class ReTests(unittest.TestCase):
self.assertEqual(re.match('(x)*y', 50000*'x'+'y').group(1), 'x')
self.assertEqual(re.match('(x)*?y', 50000*'x'+'y').group(1), 'x')
+ def test_unlimited_zero_width_repeat(self):
+ # Issue #9669
+ self.assertIsNone(re.match(r'(?:a?)*y', 'z'))
+ self.assertIsNone(re.match(r'(?:a?)+y', 'z'))
+ self.assertIsNone(re.match(r'(?:a?){2,}y', 'z'))
+ self.assertIsNone(re.match(r'(?:a?)*?y', 'z'))
+ self.assertIsNone(re.match(r'(?:a?)+?y', 'z'))
+ self.assertIsNone(re.match(r'(?:a?){2,}?y', 'z'))
+
def test_scanner(self):
def s_ident(scanner, token): return token
def s_operator(scanner, token): return "op%s" % token
diff --git a/Misc/NEWS b/Misc/NEWS
index 0abe0e7..82078c9 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -178,6 +178,9 @@ Core and Builtins
Library
-------
+- Issue #9669: Protect re against infinite loops on zero-width matching in
+ non-greedy repeat. Patch by Matthew Barnett.
+
- Issue #13169: The maximal repetition number in a regular expression has been
increased from 65534 to 2147483647 (on 32-bit platform) or 4294967294 (on
64-bit).
diff --git a/Modules/_sre.c b/Modules/_sre.c
index c3c983d..7e447a9 100644
--- a/Modules/_sre.c
+++ b/Modules/_sre.c
@@ -1272,13 +1272,18 @@ entrance:
LASTMARK_RESTORE();
- if (ctx->count >= ctx->u.rep->pattern[2]
- && ctx->u.rep->pattern[2] != SRE_MAXREPEAT)
+ if ((ctx->count >= ctx->u.rep->pattern[2]
+ && ctx->u.rep->pattern[2] != SRE_MAXREPEAT) ||
+ state->ptr == ctx->u.rep->last_ptr)
RETURN_FAILURE;
ctx->u.rep->count = ctx->count;
+ /* zero-width match protection */
+ DATA_PUSH(&ctx->u.rep->last_ptr);
+ ctx->u.rep->last_ptr = state->ptr;
DO_JUMP(JUMP_MIN_UNTIL_3,jump_min_until_3,
ctx->u.rep->pattern+3);
+ DATA_POP(&ctx->u.rep->last_ptr);
if (ret) {
RETURN_ON_ERROR(ret);
RETURN_SUCCESS;