From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id D6E963857351; Fri, 23 Jun 2023 16:12:59 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D6E963857351
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1687536779;
	bh=aAF+3FCNo8EAaUVR0CUhm6fKsbAqUp2WMbKjODcU9xs=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=hCQcB1In1r8vHhbLUnu0d073tBTsxqtB4BVe9q7Ysgx1S02v5wfXbjiDiV1nQ+gL7
	 rGbvrbMI/XHA50sEhBgL981MwBfuliOIVZp00K+ERoh3qGQcy2T1ZFCSFzGzKBI8N9
	 rs7HQiWw5jkGv4z8YgT6WbbPVu3ct78kUg6/OGLA=
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/106607] Regex integer overflow on large backreference
 value
Date: Fri, 23 Jun 2023 16:12:59 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: libstdc++
X-Bugzilla-Version: 13.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: redi at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 11.4
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-106607-4-ocKnvXaKp5@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-106607-4@http.gcc.gnu.org/bugzilla/>
References: <bug-106607-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106607

--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:

https://gcc.gnu.org/g:fab3692a2cf961b7364d7f77dd976ba0e4f752b7

commit r10-11467-gfab3692a2cf961b7364d7f77dd976ba0e4f752b7
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Mon Aug 22 15:16:16 2022 +0100

    libstdc++: Check for overflow in regex back-reference [PR106607]

    Currently we fail to notice integer overflow when parsing a
    back-reference expression, or when converting the parsed result from
    long to int. This changes the result to be int, so no conversion is
    needed, and uses the overflow-checking built-ins to detect an
    out-of-range back-reference.

    libstdc++-v3/ChangeLog:

            PR libstdc++/106607
            * include/bits/regex_compiler.tcc (_Compiler::_M_cur_int_value):
            Use built-ins to check for integer overflow in back-reference
            number.
            * testsuite/28_regex/basic_regex/106607.cc: New test.

    (cherry picked from commit 1b09eea33f2bf9d1eae73b25cc25efb05ea1dc3f)=