[Python-checkins] cpython (2.7): Issue #9669: Protect re against infinite loops on zero-width matching in

serhiy.storchaka python-checkins at python.org
Sat Feb 16 20:28:51 CET 2013 

http://hg.python.org/cpython/rev/dc8a11c16021
changeset:   82226:dc8a11c16021
branch:      2.7
parent:      82219:c1b3d25882ca
user:        Serhiy Storchaka <storchaka at gmail.com>
date:        Sat Feb 16 21:23:01 2013 +0200
summary:
  Issue #9669: Protect re against infinite loops on zero-width matching in
non-greedy repeat.  Patch by Matthew Barnett.

files:
  Lib/test/test_re.py |  9 +++++++++
  Misc/NEWS           |  3 +++
  Modules/_sre.c      |  9 +++++++--
  3 files changed, 19 insertions(+), 2 deletions(-)


diff --git a/Lib/test/test_re.py b/Lib/test/test_re.py
--- a/Lib/test/test_re.py
+++ b/Lib/test/test_re.py
@@ -628,6 +628,15 @@
         self.assertEqual(re.match('(x)*y', 50000*'x'+'y').group(1), 'x')
         self.assertEqual(re.match('(x)*?y', 50000*'x'+'y').group(1), 'x')
 
+    def test_unlimited_zero_width_repeat(self):
+        # Issue #9669
+        self.assertIsNone(re.match(r'(?:a?)*y', 'z'))
+        self.assertIsNone(re.match(r'(?:a?)+y', 'z'))
+        self.assertIsNone(re.match(r'(?:a?){2,}y', 'z'))
+        self.assertIsNone(re.match(r'(?:a?)*?y', 'z'))
+        self.assertIsNone(re.match(r'(?:a?)+?y', 'z'))
+        self.assertIsNone(re.match(r'(?:a?){2,}?y', 'z'))
+
     def test_scanner(self):
         def s_ident(scanner, token): return token
         def s_operator(scanner, token): return "op%s" % token
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -205,6 +205,9 @@
 Library
 -------
 
+- Issue #9669: Protect re against infinite loops on zero-width matching in
+  non-greedy repeat.  Patch by Matthew Barnett.
+
 - Issue #13169: The maximal repetition number in a regular expression has been
   increased from 65534 to 2147483647 (on 32-bit platform) or 4294967294 (on
   64-bit).
diff --git a/Modules/_sre.c b/Modules/_sre.c
--- a/Modules/_sre.c
+++ b/Modules/_sre.c
@@ -1302,13 +1302,18 @@
 
             LASTMARK_RESTORE();
 
-            if (ctx->count >= ctx->u.rep->pattern[2]
-                && ctx->u.rep->pattern[2] != SRE_MAXREPEAT)
+            if ((ctx->count >= ctx->u.rep->pattern[2]
+                && ctx->u.rep->pattern[2] != SRE_MAXREPEAT) ||
+                state->ptr == ctx->u.rep->last_ptr)
                 RETURN_FAILURE;
 
             ctx->u.rep->count = ctx->count;
+            /* zero-width match protection */
+            DATA_PUSH(&ctx->u.rep->last_ptr);
+            ctx->u.rep->last_ptr = state->ptr;
             DO_JUMP(JUMP_MIN_UNTIL_3,jump_min_until_3,
                     ctx->u.rep->pattern+3);
+            DATA_POP(&ctx->u.rep->last_ptr);
             if (ret) {
                 RETURN_ON_ERROR(ret);
                 RETURN_SUCCESS;

-- 
Repository URL: http://hg.python.org/cpython

More information about the Python-checkins mailing list