pedroediaz/lexvm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add theoretical nsubs size limit

Browse Source
This commit is contained in:
Kyryl Melekhin
2021-09-07 18:46:21 +00:00
parent 55e0ec31ac
commit 6b37292d0f
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pike.c
View File

@@ -537,12 +537,18 @@ int re_pikevm(rcode *prog, const char *s, const char **subp, int nsubp)
{ {
int i, j, c, gen, subidx = 1, *npc; int i, j, c, gen, subidx = 1, *npc;
int rsubsize = sizeof(rsub)+(sizeof(char*)*nsubp); int rsubsize = sizeof(rsub)+(sizeof(char*)*nsubp);
int nsubssize = rsubsize * (prog->len+3 - prog->splits);
int clistidx = 0, nlistidx = 0; int clistidx = 0, nlistidx = 0;
const char *sp = s, *_sp = s; const char *sp = s, *_sp = s;
int *insts = prog->insts; int *insts = prog->insts;
int *pcs[prog->splits]; int *pcs[prog->splits];
rsub *subs[prog->splits]; rsub *subs[prog->splits];
char nsubs[rsubsize * (prog->len+3 - prog->splits)]; /* Although worst case scenario nsubs size is prog->len,
with moderate sized regexes it is easy to stack overflow
here. Most of the time only very small portion of memory
is actually used, but it is necessary to cover all cases
and posible paths, as it is nondeterministic. */
char nsubs[nsubssize > 500000 ? 500000 : nsubssize];
rsub *nsub, *s1, *matched = NULL, *freesub = NULL; rsub *nsub, *s1, *matched = NULL, *freesub = NULL;
rthread _clist[prog->len], _nlist[prog->len]; rthread _clist[prog->len], _nlist[prog->len];
rthread *clist = _clist, *nlist = _nlist, *tmp; rthread *clist = _clist, *nlist = _nlist, *tmp;