public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libstdc++/106607] New: Regex integer overflow on large backreference value
@ 2022-08-13 9:26 fsb4000 at yandex dot ru
2022-09-07 14:16 ` [Bug libstdc++/106607] " cvs-commit at gcc dot gnu.org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: fsb4000 at yandex dot ru @ 2022-08-13 9:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106607
Bug ID: 106607
Summary: Regex integer overflow on large backreference value
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: fsb4000 at yandex dot ru
Target Milestone: ---
Hello!
I was fixing some MS STL issues with regex: GH-2168: integer overflow on large
backreference value and I added a test.
After that I decided to try my test with LLVM libc++ and GNU libstdc++.
LLVM libc++ passes my test.
and libstdc++ doesn't pass it.
```
#include <cassert>
#include <regex>
using namespace std;
// GH-2168 <regex>: integer overflow on large backreference value
int main() {
try {
// 4294967297 = 1 mod 2^32, so this will succeed if we don't check for
overflow.
regex testRegex{R"((a)\4294967297)", regex_constants::ECMAScript};
assert(false);
} catch (const regex_error& e) {
assert(e.code() == regex_constants::error_backref);
}
}
```
https://gcc.godbolt.org/z/nzET6nvxo
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libstdc++/106607] Regex integer overflow on large backreference value
2022-08-13 9:26 [Bug libstdc++/106607] New: Regex integer overflow on large backreference value fsb4000 at yandex dot ru
@ 2022-09-07 14:16 ` cvs-commit at gcc dot gnu.org
2022-09-07 17:49 ` cvs-commit at gcc dot gnu.org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-09-07 14:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106607
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-12 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:
https://gcc.gnu.org/g:87da20c6e280925d885c5472de9189515f46880b
commit r12-8746-g87da20c6e280925d885c5472de9189515f46880b
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Mon Aug 22 15:16:16 2022 +0100
libstdc++: Check for overflow in regex back-reference [PR106607]
Currently we fail to notice integer overflow when parsing a
back-reference expression, or when converting the parsed result from
long to int. This changes the result to be int, so no conversion is
needed, and uses the overflow-checking built-ins to detect an
out-of-range back-reference.
libstdc++-v3/ChangeLog:
PR libstdc++/106607
* include/bits/regex_compiler.tcc (_Compiler::_M_cur_int_value):
Use built-ins to check for integer overflow in back-reference
number.
* testsuite/28_regex/basic_regex/106607.cc: New test.
(cherry picked from commit 1b09eea33f2bf9d1eae73b25cc25efb05ea1dc3f)
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libstdc++/106607] Regex integer overflow on large backreference value
2022-08-13 9:26 [Bug libstdc++/106607] New: Regex integer overflow on large backreference value fsb4000 at yandex dot ru
2022-09-07 14:16 ` [Bug libstdc++/106607] " cvs-commit at gcc dot gnu.org
@ 2022-09-07 17:49 ` cvs-commit at gcc dot gnu.org
2022-09-07 17:54 ` redi at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-09-07 17:49 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106607
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:
https://gcc.gnu.org/g:d023d805d9e20c3f46654dc7ea96c9228d650ddb
commit r11-10243-gd023d805d9e20c3f46654dc7ea96c9228d650ddb
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Mon Aug 22 15:16:16 2022 +0100
libstdc++: Check for overflow in regex back-reference [PR106607]
Currently we fail to notice integer overflow when parsing a
back-reference expression, or when converting the parsed result from
long to int. This changes the result to be int, so no conversion is
needed, and uses the overflow-checking built-ins to detect an
out-of-range back-reference.
libstdc++-v3/ChangeLog:
PR libstdc++/106607
* include/bits/regex_compiler.tcc (_Compiler::_M_cur_int_value):
Use built-ins to check for integer overflow in back-reference
number.
* testsuite/28_regex/basic_regex/106607.cc: New test.
(cherry picked from commit 1b09eea33f2bf9d1eae73b25cc25efb05ea1dc3f)
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libstdc++/106607] Regex integer overflow on large backreference value
2022-08-13 9:26 [Bug libstdc++/106607] New: Regex integer overflow on large backreference value fsb4000 at yandex dot ru
2022-09-07 14:16 ` [Bug libstdc++/106607] " cvs-commit at gcc dot gnu.org
2022-09-07 17:49 ` cvs-commit at gcc dot gnu.org
@ 2022-09-07 17:54 ` redi at gcc dot gnu.org
2023-06-23 16:12 ` cvs-commit at gcc dot gnu.org
2023-06-23 16:19 ` redi at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: redi at gcc dot gnu.org @ 2022-09-07 17:54 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106607
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
Target Milestone|--- |11.4
--- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Fixed for 12.3 and 11.4
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libstdc++/106607] Regex integer overflow on large backreference value
2022-08-13 9:26 [Bug libstdc++/106607] New: Regex integer overflow on large backreference value fsb4000 at yandex dot ru
` (2 preceding siblings ...)
2022-09-07 17:54 ` redi at gcc dot gnu.org
@ 2023-06-23 16:12 ` cvs-commit at gcc dot gnu.org
2023-06-23 16:19 ` redi at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-06-23 16:12 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106607
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:
https://gcc.gnu.org/g:fab3692a2cf961b7364d7f77dd976ba0e4f752b7
commit r10-11467-gfab3692a2cf961b7364d7f77dd976ba0e4f752b7
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Mon Aug 22 15:16:16 2022 +0100
libstdc++: Check for overflow in regex back-reference [PR106607]
Currently we fail to notice integer overflow when parsing a
back-reference expression, or when converting the parsed result from
long to int. This changes the result to be int, so no conversion is
needed, and uses the overflow-checking built-ins to detect an
out-of-range back-reference.
libstdc++-v3/ChangeLog:
PR libstdc++/106607
* include/bits/regex_compiler.tcc (_Compiler::_M_cur_int_value):
Use built-ins to check for integer overflow in back-reference
number.
* testsuite/28_regex/basic_regex/106607.cc: New test.
(cherry picked from commit 1b09eea33f2bf9d1eae73b25cc25efb05ea1dc3f)
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libstdc++/106607] Regex integer overflow on large backreference value
2022-08-13 9:26 [Bug libstdc++/106607] New: Regex integer overflow on large backreference value fsb4000 at yandex dot ru
` (3 preceding siblings ...)
2023-06-23 16:12 ` cvs-commit at gcc dot gnu.org
@ 2023-06-23 16:19 ` redi at gcc dot gnu.org
4 siblings, 0 replies; 6+ messages in thread
From: redi at gcc dot gnu.org @ 2023-06-23 16:19 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106607
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|11.4 |10.5
--- Comment #6 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Backported for 10.5 too.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-06-23 16:19 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-13 9:26 [Bug libstdc++/106607] New: Regex integer overflow on large backreference value fsb4000 at yandex dot ru
2022-09-07 14:16 ` [Bug libstdc++/106607] " cvs-commit at gcc dot gnu.org
2022-09-07 17:49 ` cvs-commit at gcc dot gnu.org
2022-09-07 17:54 ` redi at gcc dot gnu.org
2023-06-23 16:12 ` cvs-commit at gcc dot gnu.org
2023-06-23 16:19 ` redi at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).