author | Neil <nyamatongwe@gmail.com> | 2021-09-02 14:25:24 +1000 |
---|---|---|
committer | Neil <nyamatongwe@gmail.com> | 2021-09-02 14:25:24 +1000 |
commit | c9c7c193586c27faaaf7b33b529a47aa200dfdc8 (patch) | |
tree | 8e1679eee2ce952c6b814c03b9ba7017e75ae0b7 | |
parent | ed9b464d422a3c55d1a654bff02f5a39ace3d551 (diff) | |
Bug [#2281] Fix crash with too many subexpressions in regular expression search
with SCFIND_CXX11REGEX.
-rw-r--r-- | doc/ScintillaHistory.html | 4 | ||||
-rw-r--r-- | src/Document.cxx | 2 | ||||
-rw-r--r-- | test/simpleTests.py | 22 |
3 files changed, 27 insertions, 1 deletions
diff --git a/doc/ScintillaHistory.html b/doc/ScintillaHistory.html
index 0ae2e9b42..bdf49ffc9 100644
--- a/doc/ScintillaHistory.html
+++ b/doc/ScintillaHistory.html
@@ -597,6 +597,10 @@
 Fix display of fold lines when wrapped so they are only drawn once per line, not on each subline.
 </li>
 <li>
+ Fix crash with too many subexpressions in regular expression search with SCFIND_CXX11REGEX.
+ <a href="https://sourceforge.net/p/scintilla/bugs/2281/">Bug #2281</a>.
+ </li>
+ <li>
 On Cocoa, fix memory leak caused by circular references.
 <a href="https://sourceforge.net/p/scintilla/bugs/2268/">Bug #2268</a>.
 </li>
diff --git a/src/Document.cxx b/src/Document.cxx
index 657191ee1..8baa84ad8 100644
--- a/src/Document.cxx
+++ b/src/Document.cxx
@@ -3208,7 +3208,7 @@ bool MatchOnLines(const Document *doc, const Regex ®exp, const RESearchRange
 }
 #endif
 if (matched) {
- for (size_t co = 0; co < match.size(); co++) {
+ for (size_t co = 0; co < match.size() && co < RESearch::MAXTAG; co++) {
 search.bopat[co] = match[co].first.Pos();
 search.eopat[co] = match[co].second.PosRoundUp();
 const Sci::Position lenMatch = search.eopat[co] - search.bopat[co];
diff --git a/test/simpleTests.py b/test/simpleTests.py
index 0bf082438..5b5ae9c0b 100644
--- a/test/simpleTests.py
+++ b/test/simpleTests.py
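Review bot: In src/Document.cxx the new loop bound in MatchOnLines silently drops every sub-match past RESearch::MAXTAG, and nothing at the write site says why the clamp is there. The search pattern is caller-supplied, so this condition is what keeps the stores to `search.bopat[co]` and `search.eopat[co]` inside their storage, which looks to be fixed at MAXTAG entries. It deserves a comment such as `// bopat/eopat have only RESearch::MAXTAG slots; later sub-matches are dropped rather than written out of bounds`. The condition also compares a size_t with MAXTAG, whose type is not visible here, so hoisting the limit into one local of type size_t before the loop would read more clearly and avoid a possible signed/unsigned comparison warning. The function body starts and ends outside the hunk, so any other code that indexes bopat/eopat by sub-match number should be checked against the same bound.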
@@ -1236,6 +1236,28 @@ class TestSearch(unittest.TestCase): self.assertEquals(10, self.ed.FindBytes(0, self.ed.Length, b"\t$", flags)) self.assertEquals(0, self.ed.FindBytes(0, self.ed.Length, b"([a]).*\0", flags)) + def testCxx11REFind(self): + flags = self.ed.SCFIND_REGEXP | self.ed.SCFIND_CXX11REGEX + self.assertEquals(-1, self.ed.FindBytes(0, self.ed.Length, b"b.g", 0)) + self.assertEquals(2, self.ed.FindBytes(0, self.ed.Length, b"b.g", flags)) + self.assertEquals(2, self.ed.FindBytes(0, self.ed.Length, rb"\bb.g\b", flags)) + self.assertEquals(-1, self.ed.FindBytes(0, self.ed.Length, b"b[A-Z]g", + flags | self.ed.SCFIND_MATCHCASE)) + self.assertEquals(2, self.ed.FindBytes(0, self.ed.Length, b"b[a-z]g", flags)) + self.assertEquals(6, self.ed.FindBytes(0, self.ed.Length, b"b[a-z]*t", flags)) + self.assertEquals(0, self.ed.FindBytes(0, self.ed.Length, b"^a", flags)) + self.assertEquals(10, self.ed.FindBytes(0, self.ed.Length, b"\t$", flags)) + self.assertEquals(0, self.ed.FindBytes(0, self.ed.Length, b"([a]).*\0", flags)) + + def testCxx11RETooMany(self): + # For bug #2281 + self.ed.InsertText(0, b"3ringsForTheElvenKing") + flags = self.ed.SCFIND_REGEXP | self.ed.SCFIND_CXX11REGEX + # Only MAXTAG (10) matches allocated, but doesn't modify a vulnerable address until 15 + pattern = b"(.)" * 15 + self.assertEquals(0, self.ed.FindBytes(0, self.ed.Length, pattern, flags)) + self.assertEquals(0, self.ed.FindBytes(0, self.ed.Length, pattern, flags)) + def testPhilippeREFind(self): # Requires 1.,72 flags = self.ed.SCFIND_REGEXP |