Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / c523b04b0f5cf76b503cfbed17fec95f61c1bd2e^! / . / Misc / NEWS
commitc523b04b0f5cf76b503cfbed17fec95f61c1bd2e[log] [tgz]
authorGustavo Niemeyer <gustavo@niemeyer.net>Thu Nov 07 03:28:56 2002 +0000
committerGustavo Niemeyer <gustavo@niemeyer.net>Thu Nov 07 03:28:56 2002 +0000
tree7017f4c0a06d96cce4af10ae4916fb9d032c2628
parent65fe8dda1588017bb5f15c8ab2fdbfb3b3c0bac7 [diff] [blame]
Fixed sre bug "[#581080] Provoking infinite scanner loops".

This bug happened because: 1) the scanner_search and scanner_match methods
were not checking the buffer limits before increasing the current pointer;
and 2) SRE_SEARCH was using "if (ptr == end)" as a loop break, instead of
"if (ptr >= end)".

* Modules/_sre.c
  (SRE_SEARCH): Check for "ptr >= end" to break loops, so that we don't
  hang forever if a pointer passing the buffer limit is used.
  (scanner_search,scanner_match): Don't increment the current pointer
  if we're going to pass the buffer limit.

* Misc/NEWS
  Mention the fix.

diff --git a/Misc/NEWS b/Misc/NEWS
index 5d97dd7..8b1d085 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -359,6 +359,11 @@
   when running the expression r'(a)(b)?b' over 'ab', lastindex must be
   1, not 2.
 
+- Fixed bug #581080: sre scanner was not checking the buffer limit
+  before increasing the current pointer. This was creating an infinite
+  loop in the search function, once the pointer exceeded the buffer
+  limit.
+
 Library
 -------