Issue #18684: Fixed reading out of the buffer in the re module.

author: Serhiy Storchaka <storchaka@gmail.com> 2015-07-06 10:58:33 (GMT)
committer: Serhiy Storchaka <storchaka@gmail.com> 2015-07-06 10:58:33 (GMT)
commit: 03d6ee382340dc1db57d7bbc269de0e102ed1a7a (patch)
tree: ea512d959a8e61b90e1a1a13ed49f37928bd703f /Modules/_sre.c
parent: 0357268d96d4ff3546cfd89f594a5630a3adf747 (diff)
download: cpython-03d6ee382340dc1db57d7bbc269de0e102ed1a7a.zip
cpython-03d6ee382340dc1db57d7bbc269de0e102ed1a7a.tar.gz
cpython-03d6ee382340dc1db57d7bbc269de0e102ed1a7a.tar.bz2
1 files changed, 21 insertions, 5 deletions
diff --git a/Modules/_sre.c b/Modules/_sre.c
index 300d883..d6fcda1 100644
--- a/Modules/_sre.c
+++ b/Modules/_sre.c
@@ -883,7 +883,7 @@ pattern_split(PatternObject* self, PyObject* args, PyObject* kw)
         }
 
         if (state.start == state.ptr) {
-            if (last == state.end)
+            if (last == state.end || state.ptr == state.end)
                 break;
             /* skip one character */
             state.start = (void*) ((char*) state.ptr + state.charsize);
@@ -1081,6 +1081,8 @@ pattern_subx(PatternObject* self, PyObject* ptemplate, PyObject* string,
 
 next:
         /* move on */
+        if (state.ptr == state.end)
+            break;
         if (state.ptr == state.start)
             state.start = (void*) ((char*) state.ptr + state.charsize);
         else
@@ -2567,6 +2569,9 @@ scanner_match(ScannerObject* self, PyObject *unused)
     PyObject* match;
     Py_ssize_t status;
 
+    if (state->start == NULL)
+        Py_RETURN_NONE;
+
     state_reset(state);
 
     state->ptr = state->start;
@@ -2578,10 +2583,14 @@ scanner_match(ScannerObject* self, PyObject *unused)
     match = pattern_new_match((PatternObject*) self->pattern,
                                state, status);
 
-    if (status == 0 || state->ptr == state->start)
+    if (status == 0)
+        state->start = NULL;
+    else if (state->ptr != state->start)
+        state->start = state->ptr;
+    else if (state->ptr != state->end)
         state->start = (void*) ((char*) state->ptr + state->charsize);
     else
-        state->start = state->ptr;
+        state->start = NULL;
 
     return match;
 }
@@ -2594,6 +2603,9 @@ scanner_search(ScannerObject* self, PyObject *unused)
     PyObject* match;
     Py_ssize_t status;
 
+    if (state->start == NULL)
+        Py_RETURN_NONE;
+
     state_reset(state);
 
     state->ptr = state->start;
@@ -2605,10 +2617,14 @@ scanner_search(ScannerObject* self, PyObject *unused)
     match = pattern_new_match((PatternObject*) self->pattern,
                                state, status);
 
-    if (status == 0 || state->ptr == state->start)
+    if (status == 0)
+        state->start = NULL;
+    else if (state->ptr != state->start)
+        state->start = state->ptr;
+    else if (state->ptr != state->end)
         state->start = (void*) ((char*) state->ptr + state->charsize);
     else
-        state->start = state->ptr;
+        state->start = NULL;
 
     return match;
 }
author	Serhiy Storchaka <storchaka@gmail.com>	2015-07-06 10:58:33 (GMT)
committer	Serhiy Storchaka <storchaka@gmail.com>	2015-07-06 10:58:33 (GMT)
commit	03d6ee382340dc1db57d7bbc269de0e102ed1a7a (patch)
tree	ea512d959a8e61b90e1a1a13ed49f37928bd703f /Modules/_sre.c
parent	0357268d96d4ff3546cfd89f594a5630a3adf747 (diff)
download	cpython-03d6ee382340dc1db57d7bbc269de0e102ed1a7a.zip cpython-03d6ee382340dc1db57d7bbc269de0e102ed1a7a.tar.gz cpython-03d6ee382340dc1db57d7bbc269de0e102ed1a7a.tar.bz2