diff options
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | re.c | 4 | ||||
-rw-r--r-- | regparse.c | 2 | ||||
-rw-r--r-- | test/ruby/test_regexp.rb | 2 | ||||
-rw-r--r-- | version.h | 6 |
5 files changed, 18 insertions, 6 deletions
@@ -1,3 +1,13 @@ +Mon Jun 20 02:25:44 2016 NARUSE, Yui <naruse@ruby-lang.org> + + * re.c (unescape_nonascii): scan hex up to only 3 characters. + [Bug #12420] [Bug #12423] + +Mon Jun 20 02:25:44 2016 NARUSE, Yui <naruse@ruby-lang.org> + + * regparse.c (fetch_token_in_cc): raise error if given octal escaped + character is too big. [Bug #12420] [Bug #12423] + Sun Jun 19 04:29:13 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> * include/ruby/missing.h (isfinite): move from numeric.c. @@ -2306,8 +2306,8 @@ unescape_nonascii(const char *p, const char *end, rb_encoding *enc, case '1': case '2': case '3': case '4': case '5': case '6': case '7': /* \O, \OO, \OOO or backref */ { - size_t octlen; - if (ruby_scan_oct(p-1, end-(p-1), &octlen) <= 0177) { + size_t len = end-(p-1), octlen; + if (ruby_scan_oct(p-1, len < 3 ? len : 3, &octlen) <= 0177) { /* backref or 7bit octal. no need to unescape anyway. re-escaping may break backref */ diff --git a/regparse.c b/regparse.c index 094332f90e..cc48945c3c 100644 --- a/regparse.c +++ b/regparse.c @@ -3222,7 +3222,7 @@ fetch_token_in_cc(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env) PUNFETCH; prev = p; num = scan_unsigned_octal_number(&p, end, 3, enc); - if (num < 0) return ONIGERR_TOO_BIG_NUMBER; + if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER; if (p == prev) { /* can't read nothing. */ num = 0; /* but, it's not error */ } diff --git a/test/ruby/test_regexp.rb b/test/ruby/test_regexp.rb index db6e8a3b81..dce5792954 100644 --- a/test/ruby/test_regexp.rb +++ b/test/ruby/test_regexp.rb @@ -389,6 +389,8 @@ class TestRegexp < Test::Unit::TestCase assert_equal(arg_encoding_none, Regexp.new("", nil, "N").options) assert_raise(RegexpError) { Regexp.new(")(") } + assert_raise(RegexpError) { Regexp.new('[\\40000000000') } + assert_raise(RegexpError) { Regexp.new('[\\600000000000.') } end def test_unescape @@ -1,10 +1,10 @@ #define RUBY_VERSION "2.3.2" -#define RUBY_RELEASE_DATE "2016-06-19" -#define RUBY_PATCHLEVEL 133 +#define RUBY_RELEASE_DATE "2016-06-20" +#define RUBY_PATCHLEVEL 134 #define RUBY_RELEASE_YEAR 2016 #define RUBY_RELEASE_MONTH 6 -#define RUBY_RELEASE_DAY 19 +#define RUBY_RELEASE_DAY 20 #include "ruby/version.h" |