Diff of /code/trunk/ChangeLog

revision 1525 by ph10, Wed Feb 11 16:48:35 2015 UTC revision 1534 by ph10, Tue Mar 24 10:33:21 2015 UTC
# Line 4  ChangeLog for PCRE Line 4  ChangeLog for PCRE
4  Version 8.37 xx-xxx-2015  Version 8.37 xx-xxx-2015
5  ------------------------  ------------------------
6    
7  1.  When an (*ACCEPT) is triggered inside capturing parentheses, it arranges  1.  When an (*ACCEPT) is triggered inside capturing parentheses, it arranges
8      for those parentheses to be closed with whatever has been captured so far.      for those parentheses to be closed with whatever has been captured so far.
9      However, it was failing to mark any other groups between the hightest      However, it was failing to mark any other groups between the hightest
10      capture so far and the currrent group as "unset". Thus, the ovector for      capture so far and the currrent group as "unset". Thus, the ovector for
11      those groups contained whatever was previously there. An example is the      those groups contained whatever was previously there. An example is the
12      pattern /(x)|((*ACCEPT))/ when matched against "abcd".      pattern /(x)|((*ACCEPT))/ when matched against "abcd".
13    
14  2.  If an assertion condition was quantified with a minimum of zero (an odd  2.  If an assertion condition was quantified with a minimum of zero (an odd
15      thing to do, but it happened), SIGSEGV or other misbehaviour could occur.      thing to do, but it happened), SIGSEGV or other misbehaviour could occur.
16    
17  3.  If a pattern in pcretest input had the P (POSIX) modifier followed by an  3.  If a pattern in pcretest input had the P (POSIX) modifier followed by an
18      unrecognized modifier, a crash could occur.      unrecognized modifier, a crash could occur.
19    
20  4.  An attempt to do global matching in pcretest with a zero-length ovector  4.  An attempt to do global matching in pcretest with a zero-length ovector
21      caused a crash.      caused a crash.
22    
23  5.  Fixed a memory leak during matching that could occur for a subpattern  5.  Fixed a memory leak during matching that could occur for a subpattern
24      subroutine call (recursive or otherwise) if the number of captured groups      subroutine call (recursive or otherwise) if the number of captured groups
25      that had to be saved was greater than ten.      that had to be saved was greater than ten.
26    
27  6.  Catch a bad opcode during auto-possessification after compiling a bad UTF  6.  Catch a bad opcode during auto-possessification after compiling a bad UTF
28      string with NO_UTF_CHECK. This is a tidyup, not a bug fix, as passing bad      string with NO_UTF_CHECK. This is a tidyup, not a bug fix, as passing bad
29      UTF with NO_UTF_CHECK is documented as having an undefined outcome.      UTF with NO_UTF_CHECK is documented as having an undefined outcome.
30    
31  7.  A UTF pattern containing a "not" match of a non-ASCII character and a  7.  A UTF pattern containing a "not" match of a non-ASCII character and a
32      subroutine reference could loop at compile time. Example: /[^\xff]((?1))/.      subroutine reference could loop at compile time. Example: /[^\xff]((?1))/.
33    
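Review bot: Entry 1 (ChangeLog lines 9-10) misspells "hightest" and "currrent"; correct them to "highest" and "current" while this section of the file is being touched, since the entry is the only description of which ovector slots could hold stale data after (*ACCEPT).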
# Line 65  Version 8.37 xx-xxx-2015 Line 65  Version 8.37 xx-xxx-2015
65      failed to allow the zero-repeat case if pcre2_exec() was called with an      failed to allow the zero-repeat case if pcre2_exec() was called with an
66      ovector too small to capture the group.      ovector too small to capture the group.
67    
68    13. Fixed two bugs in pcretest that were discovered by fuzzing and reported by
69        Red Hat Product Security:
70    
71        (a) A crash if /K and /F were both set with the option to save the compiled
72        pattern.
73    
74        (b) Another crash if the option to print captured substrings in a callout
75        was combined with setting a null ovector, for example \O\C+ as a subject
76        string.
77    
78    14. A pattern such as "((?2){0,1999}())?", which has a group containing a
79        forward reference repeated a large (but limited) number of times within a
80        repeated outer group that has a zero minimum quantifier, caused incorrect
81        code to be compiled, leading to the error "internal error:
82        previously-checked referenced subpattern not found" when an incorrect
83        memory address was read. This bug was reported as "heap overflow",
84        discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number
85        CVE-2015-2325.
86    
87    23. A pattern such as "((?+1)(\1))/" containing a forward reference subroutine
88        call within a group that also contained a recursive back reference caused
89        incorrect code to be compiled. This bug was reported as "heap overflow",
90        discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE
91        number CVE-2015-2326.
92    
93    24. Computing the size of the JIT read-only data in advance has been a source
94        of various issues, and new ones are still appear unfortunately. To fix
95        existing and future issues, size computation is eliminated from the code,
96        and replaced by on-demand memory allocation.
97    
98    25. A pattern such as /(?i)[A-`]/, where characters in the other case are
99        adjacent to the end of the range, and the range contained characters with
100        more than one other case, caused incorrect behaviour when compiled in UTF
101        mode. In that example, the range a-j was left out of the class.
102    
103    26. Fix JIT compilation of conditional blocks, which assertion
104        is converted to (*FAIL). E.g: /(?(?!))/.
105    
106    27. The pattern /(?(?!)^)/ caused references to random memory. This bug was
107        discovered by the LLVM fuzzer.
108    
109    28. The assertion (?!) is optimized to (*FAIL). This was not handled correctly
110        when this assertion was used as a condition, for example (?(?!)a|b). In
111        pcre2_match() it worked by luck; in pcre2_dfa_match() it gave an incorrect
112        error about an unsupported item.
113    
114    
115  Version 8.36 26-September-2014  Version 8.36 26-September-2014
116  ------------------------------  ------------------------------
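Review bot: Item 28 (lines 111-112) names pcre2_match() and pcre2_dfa_match(), and the context at line 65 names pcre2_exec(), but this is the PCRE 8.37 ChangeLog, where the matching functions are pcre_exec() and pcre_dfa_exec(); the wording looks carried over from the PCRE2 log and should use the 8.x names so readers can tell which API is affected. Smaller points in the same hunk: the pattern quoted in item 23 ends with a stray "/" inside the quotes, item 24 reads "new ones are still appear", and item 26 should say "whose assertion" rather than "which assertion". Item 27 says only that the pattern "caused references to random memory" without stating whether that happens at compile time or at match time, which is what someone assessing exposure to untrusted patterns needs to know.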
