merge revision(s) 55163,55165: [Backport #12420]

* regparse.c (fetch_token_in_cc): raise error if given octal escaped character is too big. [Bug #12420] [Bug #12423] * re.c (unescape_nonascii): scan hex up to only 3 characters. [Bug #12420] [Bug #12423] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@55458 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2016-06-19 17:35:40 +00:00 · 2016-06-19 17:35:40 +00:00 · 68c4c9d24c
commit 68c4c9d24c
parent 1049e08aa7
5 changed files with 18 additions and 6 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+Mon Jun 20 02:25:44 2016  NARUSE, Yui  <naruse@ruby-lang.org>
+
+	* re.c (unescape_nonascii): scan hex up to only 3 characters.
+	  [Bug #12420] [Bug #12423]
+
+Mon Jun 20 02:25:44 2016  NARUSE, Yui  <naruse@ruby-lang.org>
+
+	* regparse.c (fetch_token_in_cc): raise error if given octal escaped
+	  character is too big. [Bug #12420] [Bug #12423]
+
 Sun Jun 19 04:29:13 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* include/ruby/missing.h (isfinite): move from numeric.c.
--- a/re.c
+++ b/re.c
@ -2306,8 +2306,8 @@ unescape_nonascii(const char *p, const char *end, rb_encoding *enc,
              case '1': case '2': case '3':
              case '4': case '5': case '6': case '7': /* \O, \OO, \OOO or backref */
                {
-                    size_t octlen;
-                    if (ruby_scan_oct(p-1, end-(p-1), &octlen) <= 0177) {
+                    size_t len = end-(p-1), octlen;
+                    if (ruby_scan_oct(p-1, len < 3 ? len : 3, &octlen) <= 0177) {
                        /* backref or 7bit octal.
                           no need to unescape anyway.
                           re-escaping may break backref */
--- a/regparse.c
+++ b/regparse.c
@ -3222,7 +3222,7 @@ fetch_token_in_cc(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
 	PUNFETCH;
 	prev = p;
 	num = scan_unsigned_octal_number(&p, end, 3, enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
--- a/test/ruby/test_regexp.rb
+++ b/test/ruby/test_regexp.rb
@ -389,6 +389,8 @@ class TestRegexp < Test::Unit::TestCase
    assert_equal(arg_encoding_none, Regexp.new("", nil, "N").options)

    assert_raise(RegexpError) { Regexp.new(")(") }
+    assert_raise(RegexpError) { Regexp.new('[\\40000000000') }
+    assert_raise(RegexpError) { Regexp.new('[\\600000000000.') }
  end

  def test_unescape
--- a/version.h
+++ b/version.h
@ -1,10 +1,10 @@
 #define RUBY_VERSION "2.3.2"
-#define RUBY_RELEASE_DATE "2016-06-19"
-#define RUBY_PATCHLEVEL 133
+#define RUBY_RELEASE_DATE "2016-06-20"
+#define RUBY_PATCHLEVEL 134

 #define RUBY_RELEASE_YEAR 2016
 #define RUBY_RELEASE_MONTH 6
-#define RUBY_RELEASE_DAY 19
+#define RUBY_RELEASE_DAY 20

 #include "ruby/version.h"