mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 20:57:35 +00:00
LibRegex: Limit the number of nested capture groups allowed in BRE
Found by OSS-Fuzz: https://oss-fuzz.com/testcase?key=4869334212673536
This commit is contained in:
parent
c171aa40a8
commit
05c65f9b5d
2 changed files with 7 additions and 0 deletions
|
@ -12,6 +12,7 @@
|
|||
#include <AK/String.h>
|
||||
#include <AK/StringBuilder.h>
|
||||
#include <AK/StringUtils.h>
|
||||
#include <AK/TemporaryChange.h>
|
||||
#include <AK/Utf16View.h>
|
||||
#include <LibUnicode/CharacterTypes.h>
|
||||
|
||||
|
@ -460,6 +461,11 @@ bool PosixBasicParser::parse_nonduplicating_re(ByteCode& bytecode, size_t& match
|
|||
{
|
||||
// nondupl_RE : one_char_or_coll_elem_RE | Back_open_paren RE_expression Back_close_paren | BACKREF
|
||||
if (try_skip("\\(")) {
|
||||
TemporaryChange change { m_current_capture_group_depth, m_current_capture_group_depth + 1 };
|
||||
// Max number of addressable capture groups is 10, let's just be lenient
|
||||
// and accept 20; anything past that is probably a silly pattern anyway.
|
||||
if (m_current_capture_group_depth > 20)
|
||||
return set_error(Error::InvalidPattern);
|
||||
ByteCode capture_bytecode;
|
||||
size_t capture_length_minimum = 0;
|
||||
auto capture_group_index = ++m_parser_state.capture_groups_count;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue