From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id BF62738515F6; Wed,  7 Sep 2022 17:49:37 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org BF62738515F6
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1662572977;
	bh=ynjPoaW8Mq4bkdQsP6aBDE7O3HkBrHDpO5YYiImvvnE=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=LQaeZgluSBPh00vUuU3O6Sy/g5e8zis4e/e8YEUzdLe1+Jsx5J6ko5OpGZMY5EzjS
	 87udqPnvSVZUtUVq1hLRdkKVIhEmCoBsYu4J+BYpt6DgqI9BuNlvmlhdfNC2rVNsi0
	 cs5z8nOYvPRnz7YJi1eBGXp+Mz7qxMNAHfKHiNEo=
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/106607] Regex integer overflow on large backreference
 value
Date: Wed, 07 Sep 2022 17:49:37 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: libstdc++
X-Bugzilla-Version: 13.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: redi at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-106607-4-p6qn9B5rzq@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-106607-4@http.gcc.gnu.org/bugzilla/>
References: <bug-106607-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106607

--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:

https://gcc.gnu.org/g:d023d805d9e20c3f46654dc7ea96c9228d650ddb

commit r11-10243-gd023d805d9e20c3f46654dc7ea96c9228d650ddb
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Mon Aug 22 15:16:16 2022 +0100

    libstdc++: Check for overflow in regex back-reference [PR106607]

    Currently we fail to notice integer overflow when parsing a
    back-reference expression, or when converting the parsed result from
    long to int. This changes the result to be int, so no conversion is
    needed, and uses the overflow-checking built-ins to detect an
    out-of-range back-reference.

    libstdc++-v3/ChangeLog:

            PR libstdc++/106607
            * include/bits/regex_compiler.tcc (_Compiler::_M_cur_int_value):
            Use built-ins to check for integer overflow in back-reference
            number.
            * testsuite/28_regex/basic_regex/106607.cc: New test.

    (cherry picked from commit 1b09eea33f2bf9d1eae73b25cc25efb05ea1dc3f)=