http://bugs.exim.org/show_bug.cgi?id=1463

           Summary: pcre-8.35 fails test with GCC 4.9
           Product: PCRE
           Version: 8.35
          Platform: Other
               URL: http://gcc.gnu.org/gcc-4.9/changes.html
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]

When using gcc version 4.9.0 20140409 (Red Hat 4.9.0-0.9) prerelease, pcre-8.35 fails some tests:

FAIL: RunTest
=============

PCRE C library tests using test data from ./testdata
PCRE version 8.35 2014-04-04

---- Testing 8-bit library ----

Test 1: Main functionality (Compatible with Perl >= 5.10)
  OK
  OK with study
  OK with JIT study
Test 2: API, errors, internals, and non-Perl stuff (not UTF-8)
--- ./testdata/testoutput2 2014-03-10 17:28:08.000000000 +0100 +++ testtry 2014-04-11 08:50:20.688000000 +0200 
@@ -5821,13 +5821,16 @@ No match /a{11111111111111111111}/I -Failed: number too big in {} quantifier at offset 22 +Capturing subpattern count = 0 +No options +First char = 'a' +No need char /(){64294967295}/I -Failed: number too big in {} quantifier at offset 14 +Failed: regular expression is too large at offset 15 /(){2,4294967295}/I -Failed: number too big in {} quantifier at offset 15 +Failed: numbers out of order in {} quantifier at offset 15 "(?i:a)(?i:b)(?i:c)(?i:d)(?i:e)(?i:f)(?i:g)(?i:h)(?i:i)(?i:j)(k)(?i:l)A\1B"I Capturing subpattern count = 1

This looks like a wrapping signed integer, which is undefined in the C language.

If I recompile with -fsanitize=undefined in CFLAGS and LDFLAGS (supported since GCC 4.9), the test confirms a signed integer overflow:

$ ./RunTest 2

PCRE C library tests using test data from ./testdata
PCRE version 8.35 2014-04-04

---- Testing 8-bit library ----

Test 2: API, errors, internals, and non-Perl stuff (not UTF-8)
pcre_compile.c:1589:32: runtime error: signed integer overflow: 1111111111 * 10 cannot be represented in type 'int'
pcre_compile.c:1604:35: runtime error: signed integer overflow: 429496729 * 10 cannot be represented in type 'int'
  OK
pcre_compile.c:1589:32: runtime error: signed integer overflow: 1111111111 * 10 cannot be represented in type 'int'
pcre_compile.c:1604:35: runtime error: signed integer overflow: 429496729 * 10 cannot be represented in type 'int'
  OK with study
pcre_compile.c:1589:32: runtime error: signed integer overflow: 1111111111 * 10 cannot be represented in type 'int'
pcre_compile.c:1604:35: runtime error: signed integer overflow: 429496729 * 10 cannot be represented in type 'int'
  OK with JIT study
[the same output for UTF-16 and UTF-32]

This is a bug in parsing numbers in the "{min,max}" expression.
E.g.:

                              HERE ↓
    while (IS_DIGIT(*p)) min = min * 10 + (int)(*p++ - CHAR_0);
    if (min < 0 || min > 65535)
      {
      *errorcodeptr = ERR5;
      return p;
      }

-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
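
Added example, not part of the original report and not PCRE's own code: the shape of the quoted loop (accumulate all digits, check the range afterwards) next to a variant that tests the limit after every digit. As an assumption for the demonstration, uint32_t replaces int so that the wrap is well defined and repeatable; the function names and sample inputs are constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_REPEAT 65535u   /* limit taken from the quoted range check */

/* Shape of the quoted loop: accumulate every digit, check the range once at
   the end. uint32_t stands in for int so the wrap is defined and repeatable;
   with a signed int the same wrap is undefined behaviour.
   Returns 0 and stores the value if the late check accepts it, else -1. */
static int parse_late_check(const char *p, uint32_t *out)
{
    uint32_t v = 0;
    while (isdigit((unsigned char)*p))
        v = v * 10u + (uint32_t)(*p++ - '0');   /* wraps modulo 2^32 */
    if (v > MAX_REPEAT)
        return -1;
    *out = v;
    return 0;
}

/* Hardened form: test the limit after each digit. v never exceeds 65535
   before the multiply, so v * 10 + 9 is at most 655359 and cannot overflow. */
static int parse_early_check(const char *p, uint32_t *out)
{
    uint32_t v = 0;
    while (isdigit((unsigned char)*p)) {
        v = v * 10u + (uint32_t)(*p++ - '0');
        if (v > MAX_REPEAT)
            return -1;
    }
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed inputs: 2^32 and 2^32 + 1 wrap to 0 and 1. */
    const char *samples[] = { "123", "65535", "65536", "4294967296", "4294967297" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t a = 0, b = 0;
        int late = parse_late_check(samples[i], &a);
        int early = parse_early_check(samples[i], &b);
        printf("%-11s late=%d(%u) early=%d(%u)\n",
               samples[i], late, (unsigned)a, early, (unsigned)b);
    }
    return 0;
}
```

The late check accepts 4294967296 and 4294967297 as 0 and 1 because the wrapped value lands inside the allowed range, while the per-digit check rejects both.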
