8224789: Parsing repetition count in regex does not detect numeric overflow

Reviewed-by: rriggs, bchristi
Ivan Gerasimov 2019-05-29 13:44:27 -07:00
parent 051b4e2963
commit f5e2916507
2 changed files with 70 additions and 24 deletions


@ -3271,28 +3271,33 @@ loop: for(int x=0, offset=0; x<nCodePoints; x++, offset+=len) {
case '+':
return curly(prev, 1);
case '{':
ch = temp[cursor+1];
ch = skip();
if (ASCII.isDigit(ch)) {
skip();
int cmin = 0;
do {
cmin = cmin * 10 + (ch - '0');
} while (ASCII.isDigit(ch = read()));
int cmax = cmin;
if (ch == ',') {
ch = read();
cmax = MAX_REPS;
if (ch != '}') {
cmax = 0;
while (ASCII.isDigit(ch)) {
cmax = cmax * 10 + (ch - '0');
ch = read();
int cmin = 0, cmax;
try {
do {
cmin = Math.addExact(Math.multiplyExact(cmin, 10),
ch - '0');
} while (ASCII.isDigit(ch = read()));
cmax = cmin;
if (ch == ',') {
ch = read();
cmax = MAX_REPS;
if (ch != '}') {
cmax = 0;
while (ASCII.isDigit(ch)) {
cmax = Math.addExact(Math.multiplyExact(cmax, 10),
ch - '0');
ch = read();
}
}
}
} catch (ArithmeticException ae) {
throw error("Illegal repetition range");
}
if (ch != '}')
throw error("Unclosed counted closure");
if (((cmin) | (cmax) | (cmax - cmin)) < 0)
if (cmax < cmin)
throw error("Illegal repetition range");
Curly curly;
ch = peek();
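Review bot: The simplified range check `if (cmax < cmin)` is only sufficient because `Math.addExact`/`Math.multiplyExact` in the try block above keep both counts from wrapping negative, and nothing at the check says so. The removed expression `((cmin) | (cmax) | (cmax - cmin)) < 0` rejected negative values on its own, so a later edit that goes back to plain arithmetic would silently accept a wrapped count again. I would add a comment above the check, for example `// cmin, cmax >= 0 here: overflow is rejected by the exact arithmetic above`. Separately, `ch = skip();` now runs before the digit test, so if skip() advances the cursor (as its use on the removed line suggests), the non-digit branch, which lies outside this hunk, would raise its error from a different cursor position; worth confirming that this is intended.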