diff options
author | Serhiy Storchaka <storchaka@gmail.com> | 2013-02-16 19:25:05 (GMT) |
---|---|---|
committer | Serhiy Storchaka <storchaka@gmail.com> | 2013-02-16 19:25:05 (GMT) |
commit | b0c75a7dec2ae9d514ac8df63a4822215e486e1f (patch) | |
tree | 3a95c5e15ada6a2fa4613dcb6a6d2336723c25ba | |
parent | f8def28ff03f3167bd0becabab4dc5d70ee22033 (diff) | |
parent | fa4681691591429466d18e21d7640e3703ab7f28 (diff) | |
download | cpython-b0c75a7dec2ae9d514ac8df63a4822215e486e1f.zip cpython-b0c75a7dec2ae9d514ac8df63a4822215e486e1f.tar.gz cpython-b0c75a7dec2ae9d514ac8df63a4822215e486e1f.tar.bz2 |
Issue #9669: Protect re against infinite loops on zero-width matching in
non-greedy repeat. Patch by Matthew Barnett.
-rw-r--r-- | Lib/test/test_re.py | 9 | ||||
-rw-r--r-- | Misc/NEWS | 3 | ||||
-rw-r--r-- | Modules/_sre.c | 9 |
3 files changed, 19 insertions, 2 deletions
diff --git a/Lib/test/test_re.py b/Lib/test/test_re.py index 9346f8b..f96c3f9 100644 --- a/Lib/test/test_re.py +++ b/Lib/test/test_re.py @@ -681,6 +681,15 @@ class ReTests(unittest.TestCase): self.assertEqual(re.match('(x)*y', 50000*'x'+'y').group(1), 'x') self.assertEqual(re.match('(x)*?y', 50000*'x'+'y').group(1), 'x') + def test_unlimited_zero_width_repeat(self): + # Issue #9669 + self.assertIsNone(re.match(r'(?:a?)*y', 'z')) + self.assertIsNone(re.match(r'(?:a?)+y', 'z')) + self.assertIsNone(re.match(r'(?:a?){2,}y', 'z')) + self.assertIsNone(re.match(r'(?:a?)*?y', 'z')) + self.assertIsNone(re.match(r'(?:a?)+?y', 'z')) + self.assertIsNone(re.match(r'(?:a?){2,}?y', 'z')) + def test_scanner(self): def s_ident(scanner, token): return token def s_operator(scanner, token): return "op%s" % token @@ -178,6 +178,9 @@ Core and Builtins Library ------- +- Issue #9669: Protect re against infinite loops on zero-width matching in + non-greedy repeat. Patch by Matthew Barnett. + - Issue #13169: The maximal repetition number in a regular expression has been increased from 65534 to 2147483647 (on 32-bit platform) or 4294967294 (on 64-bit). diff --git a/Modules/_sre.c b/Modules/_sre.c index c3c983d..7e447a9 100644 --- a/Modules/_sre.c +++ b/Modules/_sre.c @@ -1272,13 +1272,18 @@ entrance: LASTMARK_RESTORE(); - if (ctx->count >= ctx->u.rep->pattern[2] - && ctx->u.rep->pattern[2] != SRE_MAXREPEAT) + if ((ctx->count >= ctx->u.rep->pattern[2] + && ctx->u.rep->pattern[2] != SRE_MAXREPEAT) || + state->ptr == ctx->u.rep->last_ptr) RETURN_FAILURE; ctx->u.rep->count = ctx->count; + /* zero-width match protection */ + DATA_PUSH(&ctx->u.rep->last_ptr); + ctx->u.rep->last_ptr = state->ptr; DO_JUMP(JUMP_MIN_UNTIL_3,jump_min_until_3, ctx->u.rep->pattern+3); + DATA_POP(&ctx->u.rep->last_ptr); if (ret) { RETURN_ON_ERROR(ret); RETURN_SUCCESS; |