* regparse.c (fetch_token_in_cc): raise error if given octal escaped

character is too big. [Bug #12420] [Bug #12423]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55163 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,8 @@
+Wed May 25 18:30:53 2016  NARUSE, Yui  <naruse@ruby-lang.org>
+
+	* regparse.c (fetch_token_in_cc): raise error if given octal escaped
+	  character is too big. [Bug #12420] [Bug #12423]
+
 Wed May 25 17:45:15 2016  Kazuki Yamaguchi  <k@rhe.jp>
 
 	* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.

regparse.c

@@ -3229,7 +3229,7 @@ fetch_token_in_cc(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
 	PUNFETCH;
 	prev = p;
 	num = scan_unsigned_octal_number(&p, end, 3, enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}

test/ruby/test_regexp.rb

@@ -439,6 +439,8 @@ class TestRegexp < Test::Unit::TestCase
     assert_equal(arg_encoding_none, Regexp.new("", nil, "N").options)
 
     assert_raise(RegexpError) { Regexp.new(")(") }
+    assert_raise(RegexpError) { Regexp.new('[\\40000000000') }
+    assert_raise(RegexpError) { Regexp.new('[\\600000000000.') }
   end
 
   def test_unescape