[Python-checkins] python/dist/src/Modules _sre.c,2.84,2.85

niemeyer@users.sourceforge.net niemeyer@users.sourceforge.net
Wed, 06 Nov 2002 19:28:58 -0800 

Update of /cvsroot/python/python/dist/src/Modules
In directory usw-pr-cvs1:/tmp/cvs-serv8064/Modules

Modified Files:
	_sre.c 
Log Message:
Fixed sre bug "[#581080] Provoking infinite scanner loops".

This bug happened because: 1) the scanner_search and scanner_match methods
were not checking the buffer limits before increasing the current pointer;
and 2) SRE_SEARCH was using "if (ptr == end)" as a loop break, instead of
"if (ptr >= end)".

* Modules/_sre.c
  (SRE_SEARCH): Check for "ptr >= end" to break loops, so that we don't
  hang forever if a pointer passing the buffer limit is used.
  (scanner_search,scanner_match): Don't increment the current pointer
  if we're going to pass the buffer limit.

* Misc/NEWS
  Mention the fix.


Index: _sre.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/_sre.c,v
retrieving revision 2.84
retrieving revision 2.85
diff -C2 -d -r2.84 -r2.85
*** _sre.c	6 Nov 2002 14:06:53 -0000	2.84
--- _sre.c	7 Nov 2002 03:28:56 -0000	2.85
***************
*** 1238,1242 ****
              while (ptr < end && (SRE_CODE) ptr[0] != chr)
                  ptr++;
!             if (ptr == end)
                  return 0;
              TRACE(("|%p|%p|SEARCH LITERAL\n", pattern, ptr));
--- 1238,1242 ----
              while (ptr < end && (SRE_CODE) ptr[0] != chr)
                  ptr++;
!             if (ptr >= end)
                  return 0;
              TRACE(("|%p|%p|SEARCH LITERAL\n", pattern, ptr));
***************
*** 1255,1259 ****
              while (ptr < end && !SRE_CHARSET(charset, ptr[0]))
                  ptr++;
!             if (ptr == end)
                  return 0;
              TRACE(("|%p|%p|SEARCH CHARSET\n", pattern, ptr));
--- 1255,1259 ----
              while (ptr < end && !SRE_CHARSET(charset, ptr[0]))
                  ptr++;
!             if (ptr >= end)
                  return 0;
              TRACE(("|%p|%p|SEARCH CHARSET\n", pattern, ptr));
***************
*** 2897,2901 ****
                                 state, status);
  
!     if (status == 0 || state->ptr == state->start)
          state->start = (void*) ((char*) state->ptr + state->charsize);
      else
--- 2897,2902 ----
                                 state, status);
  
!     if ((status == 0 || state->ptr == state->start) &&
!         state->ptr < state->end)
          state->start = (void*) ((char*) state->ptr + state->charsize);
      else
***************
*** 2928,2932 ****
                                 state, status);
  
!     if (status == 0 || state->ptr == state->start)
          state->start = (void*) ((char*) state->ptr + state->charsize);
      else
--- 2929,2934 ----
                                 state, status);
  
!     if ((status == 0 || state->ptr == state->start) &&
!         state->ptr < state->end)
          state->start = (void*) ((char*) state->ptr + state->charsize);
      else