Attachment #184463 for bug #220818

View | Details | Raw Unified | Return to bug 220818
Collapse All | Expand All

Lines 4-10 Link Here

(-)./Makefile (-1 / +2 lines)
4	PORTNAME= oniguruma	4	PORTNAME= oniguruma
5	PORTVERSION= 5.9.6	5	PORTVERSION= 5.9.6
6	DISTVERSIONPREFIX= v	6	DISTVERSIONPREFIX= v
7	PORTREVISION= 1	7	DISTVERSIONSUFFIX= _p1
		8	PORTREVISION= 2
8	CATEGORIES= devel textproc	9	CATEGORIES= devel textproc
9	PKGNAMESUFFIX= 5	10	PKGNAMESUFFIX= 5
10	DIST_SUBDIR= ruby	11	DIST_SUBDIR= ruby

Lines 1-3 Link Here

(-)./distinfo (-3 / +3 lines)
1	TIMESTAMP = 1480154293	1	TIMESTAMP = 1500353806
2	SHA256 (ruby/kkos-oniguruma-v5.9.6_GH0.tar.gz) = 0746ee6b889f9afe2fc0bf7cb9f21d7847821bbdf07bc938a3a5dfb3f91cc0d5	2	SHA256 (ruby/kkos-oniguruma-v5.9.6_p1_GH0.tar.gz) = dd18e05e6f32b5fdd544a77a00570d342694886ba18574ba193d480ce529ac62
3	SIZE (ruby/kkos-oniguruma-v5.9.6_GH0.tar.gz) = 325378	3	SIZE (ruby/kkos-oniguruma-v5.9.6_p1_GH0.tar.gz) = 409748




--- regexec.c.orig	2016-12-12 01:27:00 UTC
+++ regexec.c
@@ -1425,14 +1425,9 @@ match_at(regex_t* reg, const UChar* str,
       break;
 
     case OP_EXACT1:  MOP_IN(OP_EXACT1);
-#if 0
       DATA_ENSURE(1);
       if (*p != *s) goto fail;
       p++; s++;
-#endif
-      if (*p != *s++) goto fail;
-      DATA_ENSURE(0);
-      p++;
       MOP_OUT;
       break;
 
@@ -3128,6 +3123,7 @@ forward_search_range(regex_t* reg, const
     }
     else {
       UChar *q = p + reg->dmin;
+      if (q >= end) return 0; /* fail */
       while (p < q) p += enclen(reg->enc, p);
     }
   }




--- regparse.c.orig	2016-12-12 01:27:00 UTC
+++ regparse.c
@@ -3032,7 +3032,7 @@ fetch_token_in_cc(OnigToken* tok, UChar*
       }
       else if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_X_HEX2)) {
 	num = scan_unsigned_hexadecimal_number(&p, end, 2, enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
@@ -3048,7 +3048,7 @@ fetch_token_in_cc(OnigToken* tok, UChar*
       prev = p;
       if (IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_ESC_U_HEX4)) {
 	num = scan_unsigned_hexadecimal_number(&p, end, 4, enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
@@ -3064,7 +3064,7 @@ fetch_token_in_cc(OnigToken* tok, UChar*
 	PUNFETCH;
 	prev = p;
 	num = scan_unsigned_octal_number(&p, end, 3, enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
@@ -3371,7 +3371,7 @@ fetch_token(OnigToken* tok, UChar** src,
       }
       else if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_X_HEX2)) {
 	num = scan_unsigned_hexadecimal_number(&p, end, 2, enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
@@ -3387,7 +3387,7 @@ fetch_token(OnigToken* tok, UChar** src,
       prev = p;
       if (IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_ESC_U_HEX4)) {
 	num = scan_unsigned_hexadecimal_number(&p, end, 4, enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
@@ -3436,7 +3436,7 @@ fetch_token(OnigToken* tok, UChar** src,
       if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
 	prev = p;
 	num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
@@ -4060,15 +4060,19 @@ next_state_class(CClassNode* cc, OnigCod
     return ONIGERR_CHAR_CLASS_VALUE_AT_END_OF_RANGE;
 
   if (*state == CCS_VALUE && *type != CCV_CLASS) {
-    if (*type == CCV_SB)
+    if (*type == CCV_SB) {
+      if (*vs > 0xff)
+          return ONIGERR_INVALID_CODE_POINT_VALUE;
       BITSET_SET_BIT(cc->bs, (int )(*vs));
+    }
     else if (*type == CCV_CODE_POINT) {
       r = add_code_range(&(cc->mbuf), env, *vs, *vs);
       if (r < 0) return r;
     }
   }
 
-  *state = CCS_VALUE;
+  if (*state != CCS_START)
+    *state = CCS_VALUE;
   *type  = CCV_CLASS;
   return 0;
 }
@@ -4083,8 +4087,11 @@ next_state_val(CClassNode* cc, OnigCodeP
 
   switch (*state) {
   case CCS_VALUE:
-    if (*type == CCV_SB)
+    if (*type == CCV_SB) {
+      if (*vs > 0xff)
+          return ONIGERR_INVALID_CODE_POINT_VALUE;
       BITSET_SET_BIT(cc->bs, (int )(*vs));
+    }
     else if (*type == CCV_CODE_POINT) {
       r = add_code_range(&(cc->mbuf), env, *vs, *vs);
       if (r < 0) return r;

Return to bug 220818

Line 0 Link Here

(-)./files/patch-regexec.c (+25 lines)
	1	--- regexec.c.orig 2016-12-12 01:27:00 UTC
	2	+++ regexec.c
	3	@@ -1425,14 +1425,9 @@ match_at(regex_t* reg, const UChar* str,
	4	break;
	5
	6	case OP_EXACT1: MOP_IN(OP_EXACT1);
	7	-#if 0
	8	DATA_ENSURE(1);
	9	if (p != s) goto fail;
	10	p++; s++;
	11	-#endif
	12	- if (p != s++) goto fail;
	13	- DATA_ENSURE(0);
	14	- p++;
	15	MOP_OUT;
	16	break;
	17
	18	@@ -3128,6 +3123,7 @@ forward_search_range(regex_t* reg, const
	19	}
	20	else {
	21	UChar *q = p + reg->dmin;
	22	+ if (q >= end) return 0; /* fail */
	23	while (p < q) p += enclen(reg->enc, p);
	24	}
	25	}

Line 0 Link Here

(-)./files/patch-regparse.c (+91 lines)
		1	--- regparse.c.orig 2016-12-12 01:27:00 UTC
		2	+++ regparse.c
		3	@@ -3032,7 +3032,7 @@ fetch_token_in_cc(OnigToken* tok, UChar*
		4	}
		5	else if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_X_HEX2)) {
		6	num = scan_unsigned_hexadecimal_number(&p, end, 2, enc);
		7	- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
		8	+ if (num < 0 \|\| num >= 256) return ONIGERR_TOO_BIG_NUMBER;
		9	if (p == prev) { /* can't read nothing. */
		10	num = 0; /* but, it's not error */
		11	}
		12	@@ -3048,7 +3048,7 @@ fetch_token_in_cc(OnigToken* tok, UChar*
		13	prev = p;
		14	if (IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_ESC_U_HEX4)) {
		15	num = scan_unsigned_hexadecimal_number(&p, end, 4, enc);
		16	- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
		17	+ if (num < 0 \|\| num >= 256) return ONIGERR_TOO_BIG_NUMBER;
		18	if (p == prev) { /* can't read nothing. */
		19	num = 0; /* but, it's not error */
		20	}
		21	@@ -3064,7 +3064,7 @@ fetch_token_in_cc(OnigToken* tok, UChar*
		22	PUNFETCH;
		23	prev = p;
		24	num = scan_unsigned_octal_number(&p, end, 3, enc);
		25	- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
		26	+ if (num < 0 \|\| num >= 256) return ONIGERR_TOO_BIG_NUMBER;
		27	if (p == prev) { /* can't read nothing. */
		28	num = 0; /* but, it's not error */
		29	}
		30	@@ -3371,7 +3371,7 @@ fetch_token(OnigToken* tok, UChar** src,
		31	}
		32	else if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_X_HEX2)) {
		33	num = scan_unsigned_hexadecimal_number(&p, end, 2, enc);
		34	- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
		35	+ if (num < 0 \|\| num >= 256) return ONIGERR_TOO_BIG_NUMBER;
		36	if (p == prev) { /* can't read nothing. */
		37	num = 0; /* but, it's not error */
		38	}
		39	@@ -3387,7 +3387,7 @@ fetch_token(OnigToken* tok, UChar** src,
		40	prev = p;
		41	if (IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_ESC_U_HEX4)) {
		42	num = scan_unsigned_hexadecimal_number(&p, end, 4, enc);
		43	- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
		44	+ if (num < 0 \|\| num >= 256) return ONIGERR_TOO_BIG_NUMBER;
		45	if (p == prev) { /* can't read nothing. */
		46	num = 0; /* but, it's not error */
		47	}
		48	@@ -3436,7 +3436,7 @@ fetch_token(OnigToken* tok, UChar** src,
		49	if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
		50	prev = p;
		51	num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
		52	- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
		53	+ if (num < 0 \|\| num >= 256) return ONIGERR_TOO_BIG_NUMBER;
		54	if (p == prev) { /* can't read nothing. */
		55	num = 0; /* but, it's not error */
		56	}
		57	@@ -4060,15 +4060,19 @@ next_state_class(CClassNode* cc, OnigCod
		58	return ONIGERR_CHAR_CLASS_VALUE_AT_END_OF_RANGE;
		59
		60	if (state == CCS_VALUE && type != CCV_CLASS) {
		61	- if (*type == CCV_SB)
		62	+ if (*type == CCV_SB) {
		63	+ if (*vs > 0xff)
		64	+ return ONIGERR_INVALID_CODE_POINT_VALUE;
65	BITSET_SET_BIT(cc->bs, (int )(*vs));
66	+ }
67	else if (*type == CCV_CODE_POINT) {
68	r = add_code_range(&(cc->mbuf), env, vs, vs);
69	if (r < 0) return r;
70	}
71	}
72
73	- *state = CCS_VALUE;
74	+ if (*state != CCS_START)
75	+ *state = CCS_VALUE;
76	*type = CCV_CLASS;
77	return 0;
78	}
79	@@ -4083,8 +4087,11 @@ next_state_val(CClassNode* cc, OnigCodeP
80
81	switch (*state) {
82	case CCS_VALUE:
83	- if (*type == CCV_SB)
84	+ if (*type == CCV_SB) {
85	+ if (*vs > 0xff)
86	+ return ONIGERR_INVALID_CODE_POINT_VALUE;
87	BITSET_SET_BIT(cc->bs, (int )(*vs));
88	+ }
89	else if (*type == CCV_CODE_POINT) {
90	r = add_code_range(&(cc->mbuf), env, vs, vs);
91	if (r < 0) return r;