
Diff of /code/trunk/ChangeLog


revision 1547 by ph10, Mon Apr 13 09:31:55 2015 UTC revision 1553 by ph10, Tue Apr 28 11:36:24 2015 UTC
# Line 1  Line 1 
1  ChangeLog for PCRE  ChangeLog for PCRE
2  ------------------  ------------------
3    
4  Version 8.37 xx-xxx-2015  Version 8.37 28-April-2015
5  ------------------------  --------------------------
6    
7  1.  When an (*ACCEPT) is triggered inside capturing parentheses, it arranges  1.  When an (*ACCEPT) is triggered inside capturing parentheses, it arranges
8      for those parentheses to be closed with whatever has been captured so far.      for those parentheses to be closed with whatever has been captured so far.
# Line 41  Version 8.37 xx-xxx-2015 Line 41  Version 8.37 xx-xxx-2015
41     was no other kind of back reference (a situation which is probably quite     was no other kind of back reference (a situation which is probably quite
42     rare). The effect of the bug was that the condition was always treated as     rare). The effect of the bug was that the condition was always treated as
43     FALSE when the capture could not be consulted, leading to a incorrect     FALSE when the capture could not be consulted, leading to a incorrect
44     behaviour by pcre2_match(). This bug has been fixed.     behaviour by pcre_exec(). This bug has been fixed.
45    
46  9. A reference to a duplicated named group (either a back reference or a test  9. A reference to a duplicated named group (either a back reference or a test
47     for being set in a conditional) that occurred in a part of the pattern where     for being set in a conditional) that occurred in a part of the pattern where
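Review bot: line 43, which this revision leaves untouched, still reads "leading to a incorrect behaviour"; since line 44 is already being edited to name pcre_exec(), drop the article in the same pass so the sentence reads "leading to incorrect behaviour by pcre_exec()".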
# Line 65  Version 8.37 xx-xxx-2015 Line 65  Version 8.37 xx-xxx-2015
65      failed to allow the zero-repeat case if pcre2_exec() was called with an      failed to allow the zero-repeat case if pcre2_exec() was called with an
66      ovector too small to capture the group.      ovector too small to capture the group.
67    
68  13. Fixed two bugs in pcretest that were discovered by fuzzing and reported by  13. Fixed two bugs in pcretest that were discovered by fuzzing and reported by
69      Red Hat Product Security:      Red Hat Product Security:
70    
71      (a) A crash if /K and /F were both set with the option to save the compiled      (a) A crash if /K and /F were both set with the option to save the compiled
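Review bot: line 65 still names pcre2_exec() in both revisions, although the change at line 44 replaced pcre2_match() with pcre_exec() in this same file. Apply the same correction here and write pcre_exec(), so that the entry about an ovector too small to capture the group names the function a user of this library actually calls.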
# Line 74  Version 8.37 xx-xxx-2015 Line 74  Version 8.37 xx-xxx-2015
74      (b) Another crash if the option to print captured substrings in a callout      (b) Another crash if the option to print captured substrings in a callout
75      was combined with setting a null ovector, for example \O\C+ as a subject      was combined with setting a null ovector, for example \O\C+ as a subject
76      string.      string.
77    
78  14. A pattern such as "((?2){0,1999}())?", which has a group containing a  14. A pattern such as "((?2){0,1999}())?", which has a group containing a
79      forward reference repeated a large (but limited) number of times within a      forward reference repeated a large (but limited) number of times within a
80      repeated outer group that has a zero minimum quantifier, caused incorrect      repeated outer group that has a zero minimum quantifier, caused incorrect
81      code to be compiled, leading to the error "internal error:      code to be compiled, leading to the error "internal error:
82      previously-checked referenced subpattern not found" when an incorrect      previously-checked referenced subpattern not found" when an incorrect
83      memory address was read. This bug was reported as "heap overflow",      memory address was read. This bug was reported as "heap overflow",
84      discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number      discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number
85      CVE-2015-2325.      CVE-2015-2325.
86    
87  23. A pattern such as "((?+1)(\1))/" containing a forward reference subroutine  23. A pattern such as "((?+1)(\1))/" containing a forward reference subroutine
88      call within a group that also contained a recursive back reference caused      call within a group that also contained a recursive back reference caused
89      incorrect code to be compiled. This bug was reported as "heap overflow",      incorrect code to be compiled. This bug was reported as "heap overflow",
90      discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE      discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE
91      number CVE-2015-2326.      number CVE-2015-2326.
92    
93  24. Computing the size of the JIT read-only data in advance has been a source  24. Computing the size of the JIT read-only data in advance has been a source
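Review bot: the item numbers jump from 14 (line 78) straight to 23 (line 87) in both revisions, so entries 15 to 22 are either missing or misnumbered. This revision already corrects a stray "20." to "39." further down; close this gap in the same pass or state where the intervening entries went. Items 14 and 23 are the two entries carrying CVE numbers (CVE-2015-2325 and CVE-2015-2326), so a reader tracking them should not be left wondering whether security-relevant entries were dropped between them.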
# Line 102  Version 8.37 xx-xxx-2015 Line 102  Version 8.37 xx-xxx-2015
102    
103  26. Fix JIT compilation of conditional blocks, which assertion  26. Fix JIT compilation of conditional blocks, which assertion
104      is converted to (*FAIL). E.g: /(?(?!))/.      is converted to (*FAIL). E.g: /(?(?!))/.
105    
106  27. The pattern /(?(?!)^)/ caused references to random memory. This bug was  27. The pattern /(?(?!)^)/ caused references to random memory. This bug was
107      discovered by the LLVM fuzzer.      discovered by the LLVM fuzzer.
108    
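Review bot: item 26 on line 103 reads "conditional blocks, which assertion is converted to (*FAIL)", which does not parse; "whose assertion is converted to (*FAIL)" is what is meant. Items 26 and 27 both concern the (?(?!)...) construct, so it would also help to say in item 27 whether the random memory references occurred in the interpreter or in JIT.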
# Line 110  Version 8.37 xx-xxx-2015 Line 110  Version 8.37 xx-xxx-2015
110      when this assertion was used as a condition, for example (?(?!)a|b). In      when this assertion was used as a condition, for example (?(?!)a|b). In
111      pcre2_match() it worked by luck; in pcre2_dfa_match() it gave an incorrect      pcre2_match() it worked by luck; in pcre2_dfa_match() it gave an incorrect
112      error about an unsupported item.      error about an unsupported item.
113    
114  29. For some types of pattern, for example /Z*(|d*){216}/, the auto-  29. For some types of pattern, for example /Z*(|d*){216}/, the auto-
115      possessification code could take exponential time to complete. A recursion      possessification code could take exponential time to complete. A recursion
116      depth limit of 1000 has been imposed to limit the resources used by this      depth limit of 1000 has been imposed to limit the resources used by this
117      optimization.      optimization.
118    
119  30. A pattern such as /(*UTF)[\S\V\H]/, which contains a negated special class  30. A pattern such as /(*UTF)[\S\V\H]/, which contains a negated special class
120      such as \S in non-UCP mode, explicit wide characters (> 255) can be ignored      such as \S in non-UCP mode, explicit wide characters (> 255) can be ignored
121      because \S ensures they are all in the class. The code for doing this was      because \S ensures they are all in the class. The code for doing this was
122      interacting badly with the code for computing the amount of space needed to      interacting badly with the code for computing the amount of space needed to
123      compile the pattern, leading to a buffer overflow. This bug was discovered      compile the pattern, leading to a buffer overflow. This bug was discovered
124      by the LLVM fuzzer.      by the LLVM fuzzer.
125    
126  31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside  31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
127      other kinds of group caused stack overflow at compile time. This bug was      other kinds of group caused stack overflow at compile time. This bug was
128      discovered by the LLVM fuzzer.      discovered by the LLVM fuzzer.
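Review bot: line 111 keeps pcre2_match() and pcre2_dfa_match() in both revisions; in this ChangeLog they should be pcre_exec() and pcre_dfa_exec(), matching the correction made at line 44. Separately, the first sentence of item 30 (lines 119 to 121) has no main clause for "A pattern such as ..."; starting it with "In a pattern such as" would let "explicit wide characters (> 255) can be ignored" attach to something, which matters for an entry that documents a buffer overflow.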
# Line 131  Version 8.37 xx-xxx-2015 Line 131  Version 8.37 xx-xxx-2015
131      between a subroutine call and its quantifier was incorrectly compiled,      between a subroutine call and its quantifier was incorrectly compiled,
132      leading to buffer overflow or other errors. This bug was discovered by the      leading to buffer overflow or other errors. This bug was discovered by the
133      LLVM fuzzer.      LLVM fuzzer.
134    
135  33. The illegal pattern /(?(?<E>.*!.*)?)/ was not being diagnosed as missing an  33. The illegal pattern /(?(?<E>.*!.*)?)/ was not being diagnosed as missing an
136      assertion after (?(. The code was failing to check the character after      assertion after (?(. The code was failing to check the character after
137      (?(?< for the ! or = that would indicate a lookbehind assertion. This bug      (?(?< for the ! or = that would indicate a lookbehind assertion. This bug
# Line 145  Version 8.37 xx-xxx-2015 Line 145  Version 8.37 xx-xxx-2015
145  35. A mutual recursion within a lookbehind assertion such as (?<=((?2))((?1)))  35. A mutual recursion within a lookbehind assertion such as (?<=((?2))((?1)))
146      caused a stack overflow instead of the diagnosis of a non-fixed length      caused a stack overflow instead of the diagnosis of a non-fixed length
147      lookbehind assertion. This bug was discovered by the LLVM fuzzer.      lookbehind assertion. This bug was discovered by the LLVM fuzzer.
148    
149  36. The use of \K in a positive lookbehind assertion in a non-anchored pattern  36. The use of \K in a positive lookbehind assertion in a non-anchored pattern
150      (e.g. /(?<=\Ka)/) could make pcregrep loop.      (e.g. /(?<=\Ka)/) could make pcregrep loop.
151    
# Line 154  Version 8.37 xx-xxx-2015 Line 154  Version 8.37 xx-xxx-2015
154  38. If a greedy quantified \X was preceded by \C in UTF mode (e.g. \C\X*),  38. If a greedy quantified \X was preceded by \C in UTF mode (e.g. \C\X*),
155      and a subsequent item in the pattern caused a non-match, backtracking over      and a subsequent item in the pattern caused a non-match, backtracking over
156      the repeated \X did not stop, but carried on past the start of the subject,      the repeated \X did not stop, but carried on past the start of the subject,
157      causing reference to random memory and/or a segfault. There were also some      causing reference to random memory and/or a segfault. There were also some
158      other cases where backtracking after \C could crash. This set of bugs was      other cases where backtracking after \C could crash. This set of bugs was
159      discovered by the LLVM fuzzer.      discovered by the LLVM fuzzer.
160    
161  20. The function for finding the minimum length of a matching string could take  39. The function for finding the minimum length of a matching string could take
162      a very long time if mutual recursion was present many times in a pattern,      a very long time if mutual recursion was present many times in a pattern,
163      for example, /((?2){73}(?2))((?1))/. A better mutual recursion detection      for example, /((?2){73}(?2))((?1))/. A better mutual recursion detection
164      method has been implemented. This infelicity was discovered by the LLVM      method has been implemented. This infelicity was discovered by the LLVM
165      fuzzer.      fuzzer.
166    
167    40. Static linking against the PCRE library using the pkg-config module was
168        failing on missing pthread symbols.
169    
170    
171  Version 8.36 26-September-2014  Version 8.36 26-September-2014
172  ------------------------------  ------------------------------
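Review bot: the new item 40 (lines 167 to 168) records only the symptom, "failing on missing pthread symbols", and unlike the neighbouring entries never says that it was fixed or what changed. State what was altered in the pkg-config module so that packagers who link statically can tell whether their build needs adjusting. The renumbering of "20." to "39." on line 161 is consistent with the 38, 39, 40 sequence.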
