/[pcre]/code/trunk/ChangeLog
ViewVC logotype

Diff of /code/trunk/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 1454 by ph10, Sun Feb 9 18:55:03 2014 UTC revision 1536 by ph10, Fri Mar 27 16:44:50 2015 UTC
# Line 1  Line 1 
1  ChangeLog for PCRE  ChangeLog for PCRE
2  ------------------  ------------------
3    
4  Version 8.35-RC1 xx-xxxx-201x  Version 8.37 xx-xxx-2015
5  -----------------------------  ------------------------
6    
7    1.  When an (*ACCEPT) is triggered inside capturing parentheses, it arranges
8        for those parentheses to be closed with whatever has been captured so far.
9        However, it was failing to mark any other groups between the hightest
10        capture so far and the currrent group as "unset". Thus, the ovector for
11        those groups contained whatever was previously there. An example is the
12        pattern /(x)|((*ACCEPT))/ when matched against "abcd".
13    
14    2.  If an assertion condition was quantified with a minimum of zero (an odd
15        thing to do, but it happened), SIGSEGV or other misbehaviour could occur.
16    
17    3.  If a pattern in pcretest input had the P (POSIX) modifier followed by an
18        unrecognized modifier, a crash could occur.
19    
20    4.  An attempt to do global matching in pcretest with a zero-length ovector
21        caused a crash.
22    
23    5.  Fixed a memory leak during matching that could occur for a subpattern
24        subroutine call (recursive or otherwise) if the number of captured groups
25        that had to be saved was greater than ten.
26    
27    6.  Catch a bad opcode during auto-possessification after compiling a bad UTF
28        string with NO_UTF_CHECK. This is a tidyup, not a bug fix, as passing bad
29        UTF with NO_UTF_CHECK is documented as having an undefined outcome.
30    
31    7.  A UTF pattern containing a "not" match of a non-ASCII character and a
32        subroutine reference could loop at compile time. Example: /[^\xff]((?1))/.
33    
34    8. When a pattern is compiled, it remembers the highest back reference so that
35       when matching, if the ovector is too small, extra memory can be obtained to
36       use instead. A conditional subpattern whose condition is a check on a
37       capture having happened, such as, for example in the pattern
38       /^(?:(a)|b)(?(1)A|B)/, is another kind of back reference, but it was not
39       setting the highest backreference number. This mattered only if pcre_exec()
40       was called with an ovector that was too small to hold the capture, and there
41       was no other kind of back reference (a situation which is probably quite
42       rare). The effect of the bug was that the condition was always treated as
43       FALSE when the capture could not be consulted, leading to a incorrect
44       behaviour by pcre2_match(). This bug has been fixed.
45    
46    9. A reference to a duplicated named group (either a back reference or a test
47       for being set in a conditional) that occurred in a part of the pattern where
48       PCRE_DUPNAMES was not set caused the amount of memory needed for the pattern
49       to be incorrectly calculated, leading to overwriting.
50    
51    10. A mutually recursive set of back references such as (\2)(\1) caused a
52        segfault at study time (while trying to find the minimum matching length).
53        The infinite loop is now broken (with the minimum length unset, that is,
54        zero).
55    
56    11. If an assertion that was used as a condition was quantified with a minimum
57        of zero, matching went wrong. In particular, if the whole group had
58        unlimited repetition and could match an empty string, a segfault was
59        likely. The pattern (?(?=0)?)+ is an example that caused this. Perl allows
60        assertions to be quantified, but not if they are being used as conditions,
61        so the above pattern is faulted by Perl. PCRE has now been changed so that
62        it also rejects such patterns.
63    
64    12. A possessive capturing group such as (a)*+ with a minimum repeat of zero
65        failed to allow the zero-repeat case if pcre2_exec() was called with an
66        ovector too small to capture the group.
67    
68    13. Fixed two bugs in pcretest that were discovered by fuzzing and reported by
69        Red Hat Product Security:
70    
71        (a) A crash if /K and /F were both set with the option to save the compiled
72        pattern.
73    
74        (b) Another crash if the option to print captured substrings in a callout
75        was combined with setting a null ovector, for example \O\C+ as a subject
76        string.
77    
78    14. A pattern such as "((?2){0,1999}())?", which has a group containing a
79        forward reference repeated a large (but limited) number of times within a
80        repeated outer group that has a zero minimum quantifier, caused incorrect
81        code to be compiled, leading to the error "internal error:
82        previously-checked referenced subpattern not found" when an incorrect
83        memory address was read. This bug was reported as "heap overflow",
84        discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number
85        CVE-2015-2325.
86    
87    23. A pattern such as "((?+1)(\1))/" containing a forward reference subroutine
88        call within a group that also contained a recursive back reference caused
89        incorrect code to be compiled. This bug was reported as "heap overflow",
90        discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE
91        number CVE-2015-2326.
92    
93    24. Computing the size of the JIT read-only data in advance has been a source
94        of various issues, and new ones are still appear unfortunately. To fix
95        existing and future issues, size computation is eliminated from the code,
96        and replaced by on-demand memory allocation.
97    
98    25. A pattern such as /(?i)[A-`]/, where characters in the other case are
99        adjacent to the end of the range, and the range contained characters with
100        more than one other case, caused incorrect behaviour when compiled in UTF
101        mode. In that example, the range a-j was left out of the class.
102    
103    26. Fix JIT compilation of conditional blocks, which assertion
104        is converted to (*FAIL). E.g: /(?(?!))/.
105    
106    27. The pattern /(?(?!)^)/ caused references to random memory. This bug was
107        discovered by the LLVM fuzzer.
108    
109    28. The assertion (?!) is optimized to (*FAIL). This was not handled correctly
110        when this assertion was used as a condition, for example (?(?!)a|b). In
111        pcre2_match() it worked by luck; in pcre2_dfa_match() it gave an incorrect
112        error about an unsupported item.
113    
114    29. For some types of pattern, for example /Z*(|d*){216}/, the auto-
115        possessification code could take exponential time to complete. A recursion
116        depth limit of 1000 has been imposed to limit the resources used by this
117        optimization.
118    
119    30. A pattern such as /(*UTF)[\S\V\H]/, which contains a negated special class
120        such as \S in non-UCP mode, explicit wide characters (> 255) can be ignored
121        because \S ensures they are all in the class. The code for doing this was
122        interacting badly with the code for computing the amount of space needed to
123        compile the pattern, leading to a buffer overflow. This bug was discovered
124        by the LLVM fuzzer.
125    
126    
127    Version 8.36 26-September-2014
128    ------------------------------
129    
130    1.  Got rid of some compiler warnings in the C++ modules that were shown up by
131        -Wmissing-field-initializers and -Wunused-parameter.
132    
133    2.  The tests for quantifiers being too big (greater than 65535) were being
134        applied after reading the number, and stupidly assuming that integer
135        overflow would give a negative number. The tests are now applied as the
136        numbers are read.
137    
138    3.  Tidy code in pcre_exec.c where two branches that used to be different are
139        now the same.
140    
141    4.  The JIT compiler did not generate match limit checks for certain
142        bracketed expressions with quantifiers. This may lead to exponential
143        backtracking, instead of returning with PCRE_ERROR_MATCHLIMIT. This
144        issue should be resolved now.
145    
146    5.  Fixed an issue, which occures when nested alternatives are optimized
147        with table jumps.
148    
149    6.  Inserted two casts and changed some ints to size_t in the light of some
150        reported 64-bit compiler warnings (Bugzilla 1477).
151    
152    7.  Fixed a bug concerned with zero-minimum possessive groups that could match
153        an empty string, which sometimes were behaving incorrectly in the
154        interpreter (though correctly in the JIT matcher). This pcretest input is
155        an example:
156    
157          '\A(?:[^"]++|"(?:[^"]*+|"")*+")++'
158          NON QUOTED "QUOT""ED" AFTER "NOT MATCHED
159    
160        the interpreter was reporting a match of 'NON QUOTED ' only, whereas the
161        JIT matcher and Perl both matched 'NON QUOTED "QUOT""ED" AFTER '. The test
162        for an empty string was breaking the inner loop and carrying on at a lower
163        level, when possessive repeated groups should always return to a higher
164        level as they have no backtrack points in them. The empty string test now
165        occurs at the outer level.
166    
167    8.  Fixed a bug that was incorrectly auto-possessifying \w+ in the pattern
168        ^\w+(?>\s*)(?<=\w) which caused it not to match "test test".
169    
170    9.  Give a compile-time error for \o{} (as Perl does) and for \x{} (which Perl
171        doesn't).
172    
173    10. Change 8.34/15 introduced a bug that caused the amount of memory needed
174        to hold a pattern to be incorrectly computed (too small) when there were
175        named back references to duplicated names. This could cause "internal
176        error: code overflow" or "double free or corruption" or other memory
177        handling errors.
178    
179    11. When named subpatterns had the same prefixes, back references could be
180        confused. For example, in this pattern:
181    
182          /(?P<Name>a)?(?P<Name2>b)?(?(<Name>)c|d)*l/
183    
184        the reference to 'Name' was incorrectly treated as a reference to a
185        duplicate name.
186    
187    12. A pattern such as /^s?c/mi8 where the optional character has more than
188        one "other case" was incorrectly compiled such that it would only try to
189        match starting at "c".
190    
191    13. When a pattern starting with \s was studied, VT was not included in the
192        list of possible starting characters; this should have been part of the
193        8.34/18 patch.
194    
195    14. If a character class started [\Qx]... where x is any character, the class
196        was incorrectly terminated at the ].
197    
198    15. If a pattern that started with a caseless match for a character with more
199        than one "other case" was studied, PCRE did not set up the starting code
200        unit bit map for the list of possible characters. Now it does. This is an
201        optimization improvement, not a bug fix.
202    
203    16. The Unicode data tables have been updated to Unicode 7.0.0.
204    
205    17. Fixed a number of memory leaks in pcregrep.
206    
207    18. Avoid a compiler warning (from some compilers) for a function call with
208        a cast that removes "const" from an lvalue by using an intermediate
209        variable (to which the compiler does not object).
210    
211    19. Incorrect code was compiled if a group that contained an internal recursive
212        back reference was optional (had quantifier with a minimum of zero). This
213        example compiled incorrect code: /(((a\2)|(a*)\g<-1>))*/ and other examples
214        caused segmentation faults because of stack overflows at compile time.
215    
216    20. A pattern such as /((?(R)a|(?1)))+/, which contains a recursion within a
217        group that is quantified with an indefinite repeat, caused a compile-time
218        loop which used up all the system stack and provoked a segmentation fault.
219        This was not the same bug as 19 above.
220    
221    21. Add PCRECPP_EXP_DECL declaration to operator<< in pcre_stringpiece.h.
222        Patch by Mike Frysinger.
223    
224    
225    Version 8.35 04-April-2014
226    --------------------------
227    
228  1.  A new flag is set, when property checks are present in an XCLASS.  1.  A new flag is set, when property checks are present in an XCLASS.
229      When this flag is not set, PCRE can perform certain optimizations      When this flag is not set, PCRE can perform certain optimizations
# Line 27  Version 8.35-RC1 xx-xxxx-201x Line 248  Version 8.35-RC1 xx-xxxx-201x
248    
249  6.  Improve character range checks in JIT. Characters are read by an inprecise  6.  Improve character range checks in JIT. Characters are read by an inprecise
250      function now, which returns with an unknown value if the character code is      function now, which returns with an unknown value if the character code is
251      above a certain treshold (e.g: 256). The only limitation is that the value      above a certain threshold (e.g: 256). The only limitation is that the value
252      must be bigger than the treshold as well. This function is useful, when      must be bigger than the threshold as well. This function is useful when
253      the characters above the treshold are handled in the same way.      the characters above the threshold are handled in the same way.
254    
255  7.  The macros whose names start with RAWUCHAR are placeholders for a future  7.  The macros whose names start with RAWUCHAR are placeholders for a future
256      mode in which only the bottom 21 bits of 32-bit data items are used. To      mode in which only the bottom 21 bits of 32-bit data items are used. To
257      make this more memorable for those maintaining the code, the names have      make this more memorable for those maintaining the code, the names have
258      been changed to start with UCHAR21, and an extensive comment has been added      been changed to start with UCHAR21, and an extensive comment has been added
259      to their definition.      to their definition.
260    
261  8.  Add missing (new) files sljitNativeTILEGX.c and sljitNativeTILEGX-encoder.c  8.  Add missing (new) files sljitNativeTILEGX.c and sljitNativeTILEGX-encoder.c
262      to the export list in Makefile.am (they were accidentally omitted from the      to the export list in Makefile.am (they were accidentally omitted from the
263      8.34 tarball).      8.34 tarball).
264    
265  9.  The informational output from pcretest used the phrase "starting byte set"  9.  The informational output from pcretest used the phrase "starting byte set"
266      which is inappropriate for the 16-bit and 32-bit libraries. As the output      which is inappropriate for the 16-bit and 32-bit libraries. As the output
267      for "first char" and "need char" really means "non-UTF-char", I've changed      for "first char" and "need char" really means "non-UTF-char", I've changed
268      "byte" to "char", and slightly reworded the output. The documentation about      "byte" to "char", and slightly reworded the output. The documentation about
269      these values has also been (I hope) clarified.      these values has also been (I hope) clarified.
270    
271  10. Another JIT related optimization: use table jumps for selecting the correct  10. Another JIT related optimization: use table jumps for selecting the correct
272      backtracking path, when more than four alternatives are present inside a      backtracking path, when more than four alternatives are present inside a
# Line 54  Version 8.35-RC1 xx-xxxx-201x Line 275  Version 8.35-RC1 xx-xxxx-201x
275  11. Empty match is not possible, when the minimum length is greater than zero,  11. Empty match is not possible, when the minimum length is greater than zero,
276      and there is no \K in the pattern. JIT should avoid empty match checks in      and there is no \K in the pattern. JIT should avoid empty match checks in
277      such cases.      such cases.
278    
279  12. In a caseless character class with UCP support, when a character with more  12. In a caseless character class with UCP support, when a character with more
280      than one alternative case was not the first character of a range, not all      than one alternative case was not the first character of a range, not all
281      the alternative cases were added to the class. For example, s and \x{17f}      the alternative cases were added to the class. For example, s and \x{17f}
282      are both alternative cases for S: the class [RST] was handled correctly,      are both alternative cases for S: the class [RST] was handled correctly,
283      but [R-T] was not.      but [R-T] was not.
284    
285  13. The configure.ac file always checked for pthread support when JIT was  13. The configure.ac file always checked for pthread support when JIT was
286      enabled. This is not used in Windows, so I have put this test inside a      enabled. This is not used in Windows, so I have put this test inside a
287      check for the presence of windows.h (which was already tested for).      check for the presence of windows.h (which was already tested for).
288    
289  14. Improve pattern prefix search by a simplified Boyer-Moore algorithm in JIT.  14. Improve pattern prefix search by a simplified Boyer-Moore algorithm in JIT.
290      The algorithm provides a way to skip certain starting offsets, and usually      The algorithm provides a way to skip certain starting offsets, and usually
291      faster than linear prefix searches.      faster than linear prefix searches.
292    
293  15. Change 13 for 8.20 updated RunTest to check for the 'fr' locale as well  15. Change 13 for 8.20 updated RunTest to check for the 'fr' locale as well
294      as for 'fr_FR' and 'french'. For some reason, however, it then used the      as for 'fr_FR' and 'french'. For some reason, however, it then used the
295      Windows-specific input and output files, which have 'french' screwed in.      Windows-specific input and output files, which have 'french' screwed in.
296      So this could never have worked. One of the problems with locales is that      So this could never have worked. One of the problems with locales is that
297      they aren't always the same. I have now updated RunTest so that it checks      they aren't always the same. I have now updated RunTest so that it checks
298      the output of the locale test (test 3) against three different output      the output of the locale test (test 3) against three different output
299      files, and it allows the test to pass if any one of them matches. With luck      files, and it allows the test to pass if any one of them matches. With luck
300      this should make the test pass on some versions of Solaris where it was      this should make the test pass on some versions of Solaris where it was
301      failing. Because of the uncertainty, the script did not used to stop if      failing. Because of the uncertainty, the script did not used to stop if
302      test 3 failed; it now does. If further versions of a French locale ever      test 3 failed; it now does. If further versions of a French locale ever
303      come to light, they can now easily be added.      come to light, they can now easily be added.
304    
305  16. If --with-pcregrep-bufsize was given a non-integer value such as "50K",  16. If --with-pcregrep-bufsize was given a non-integer value such as "50K",
306      there was a message during ./configure, but it did not stop. This now      there was a message during ./configure, but it did not stop. This now
307      provokes an error. The invalid example in README has been corrected.      provokes an error. The invalid example in README has been corrected.
308      If a value less than the minimum is given, the minimum value has always      If a value less than the minimum is given, the minimum value has always
309      been used, but now a warning is given.      been used, but now a warning is given.
310    
311  17. If --enable-bsr-anycrlf was set, the special 16/32-bit test failed. This  17. If --enable-bsr-anycrlf was set, the special 16/32-bit test failed. This
312      was a bug in the test system, which is now fixed. Also, the list of various      was a bug in the test system, which is now fixed. Also, the list of various
313      configurations that are tested for each release did not have one with both      configurations that are tested for each release did not have one with both
314      16/32 bits and --enable-bar-anycrlf. It now does.      16/32 bits and --enable-bar-anycrlf. It now does.
315    
316  18. pcretest was missing "-C bsr" for displaying the \R default setting.  18. pcretest was missing "-C bsr" for displaying the \R default setting.
317    
318  19. Little endian PowerPC systems are supported now by the JIT compiler.  19. Little endian PowerPC systems are supported now by the JIT compiler.
319    
320  20. The fast forward newline mechanism could enter to an infinite loop on  20. The fast forward newline mechanism could enter to an infinite loop on
321      certain invalid UTF-8 input. Although we don't support these cases      certain invalid UTF-8 input. Although we don't support these cases
322      this issue can be fixed by a performance optimization.      this issue can be fixed by a performance optimization.
323    
324  21. Change 33 of 8.34 is not sufficient to ensure stack safety because it does  21. Change 33 of 8.34 is not sufficient to ensure stack safety because it does
325      not take account if existing stack usage. There is now a new global      not take account if existing stack usage. There is now a new global
326      variable called pcre_stack_guard that can be set to point to an external      variable called pcre_stack_guard that can be set to point to an external
327      function to check stack availability. It is called at the start of      function to check stack availability. It is called at the start of
328      processing every parenthesized group.      processing every parenthesized group.
329    
330    22. A typo in the code meant that in ungreedy mode the max/min qualifier
331        behaved like a min-possessive qualifier, and, for example, /a{1,3}b/U did
332        not match "ab".
333    
334    23. When UTF was disabled, the JIT program reported some incorrect compile
335        errors. These messages are silenced now.
336    
337    24. Experimental support for ARM-64 and MIPS-64 has been added to the JIT
338        compiler.
339    
340    25. Change all the temporary files used in RunGrepTest to be different to those
341        used by RunTest so that the tests can be run simultaneously, for example by
342        "make -j check".
343    
344    
345  Version 8.34 15-December-2013  Version 8.34 15-December-2013

Legend:
Removed from v.1454  
changed lines
  Added in v.1536

  ViewVC Help
Powered by ViewVC 1.1.5