[webkit-changes] cvs commit: JavaScriptCore/pcre pcre.c

Timothy thatcher at opensource.apple.com
Thu Nov 10 09:26:38 PST 2005


thatcher    05/11/10 09:26:37

  Modified:    .        Tag: Safari-2-0-branch ChangeLog
               pcre     Tag: Safari-2-0-branch pcre.c
  Log:
          Reviewed by Darin.
  
          - Fixed <rdar://problem/4323773> REGRESSION (412.2-416.12): [[xxx]]
            appears on page due to JS regexp with char > 255 (5597)
            (tiddlywiki.com)
  
          Previously, we fixed a buffer overflow by returning an error when
          compiling character classes with characters > 255. But that broke
          the internet.
  
          Plan B here is to work around such classes, skipping single characters
          > 255, skipping character ranges beginning > 255, and truncating
          character ranges at 255.
  
          I removed the early returns we added and the early returns in the
          original library. Now, funky expressions compile normally, tweaked
          by our special rules.
  
          I also merged the UTF8 and UTF16 checks for out of range characters.
          I remember we kept them separate before because we were purist about
          marking off our code changes inside UTF16 #ifdefs. Since this patch
          applies equally to UTF8 and UTF16, we've already lost that innocence,
          so why not have a little fun?
  
          * ChangeLog:
          * pcre/pcre.c:
          (compile_branch):
          * tests/mozilla/jsDriver.pl: Oh, by the way, I modified this to look
          inside of $SYMROOTS/Development. Not perfect, but certainly better
          than $SYMROOTS/, which is always wrong with XCode 2.1.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.677.6.52 +33 -0     JavaScriptCore/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/JavaScriptCore/ChangeLog,v
  retrieving revision 1.677.6.51
  retrieving revision 1.677.6.52
  diff -u -r1.677.6.51 -r1.677.6.52
  --- ChangeLog	28 Oct 2005 22:29:56 -0000	1.677.6.51
  +++ ChangeLog	10 Nov 2005 17:26:32 -0000	1.677.6.52
  @@ -1,3 +1,36 @@
  +2005-11-04  Geoffrey Garen  <ggaren at apple.com>
  +
  +        Reviewed by Darin.
  +
  +        - Fixed <rdar://problem/4323773> REGRESSION (412.2-416.12): [[xxx]] 
  +          appears on page due to JS regexp with char > 255 (5597) 
  +          (tiddlywiki.com)
  +
  +        Previously, we fixed a buffer overflow by returning an error when 
  +        compiling character classes with characters > 255. But that broke 
  +        the internet.
  +
  +        Plan B here is to work around such classes, skipping single characters 
  +        > 255, skipping character ranges beginning > 255, and truncating 
  +        character ranges at 255. 
  +
  +        I removed the early returns we added and the early returns in the 
  +        original library. Now, funky expressions compile normally, tweaked 
  +        by our special rules.
  +
  +        I also merged the UTF8 and UTF16 checks for out of range characters. 
  +        I remember we kept them separate before because we were purist about 
  +        marking off our code changes inside UTF16 #ifdefs. Since this patch 
  +        applies equally to UTF8 and UTF16, we've already lost that innocence, 
  +        so why not have a little fun?
  +
  +        * ChangeLog:
  +        * pcre/pcre.c:
  +        (compile_branch):
  +        * tests/mozilla/jsDriver.pl: Oh, by the way, I modified this to look 
  +        inside of $SYMROOTS/Development. Not perfect, but certainly better 
  +        than $SYMROOTS/, which is always wrong with XCode 2.1.
  +
   === JavaScriptCore-417.4 ===
   
   2005-10-26  Timothy Hatcher  <timothy at apple.com>
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.3.12.3  +17 -31    JavaScriptCore/pcre/Attic/pcre.c
  
  Index: pcre.c
  ===================================================================
  RCS file: /cvs/root/JavaScriptCore/pcre/Attic/pcre.c,v
  retrieving revision 1.3.12.2
  retrieving revision 1.3.12.3
  diff -u -r1.3.12.2 -r1.3.12.3
  --- pcre.c	9 Aug 2005 01:14:03 -0000	1.3.12.2
  +++ pcre.c	10 Nov 2005 17:26:36 -0000	1.3.12.3
  @@ -1184,13 +1184,6 @@
           *errorptr = ERR6;
           goto FAILED;
           }
  -#if PCRE_UTF16
  -      if (c > 255)
  -        {
  -        *errorptr = ERR33;
  -        goto FAILED;
  -        }
  -#endif
             
         /* Handle POSIX class names. Perl allows a negation extension of the
         form [:^name]. A square bracket that doesn't match the syntax is
  @@ -1300,16 +1293,7 @@
               }
             }
   
  -        /* Fall through if single character, but don't at present allow
  -        chars > 255 in UTF-8 mode. */
  -
  -#ifdef SUPPORT_UTF8
  -        if (c > 255)
  -          {
  -          *errorptr = ERR33;
  -          goto FAILED;
  -          }
  -#endif
  +        /* Fall through if single character. */
           }
   
         /* A single character may be followed by '-' to form a range. However,
  @@ -1327,13 +1311,6 @@
             *errorptr = ERR6;
             goto FAILED;
             }
  -#if PCRE_UTF16
  -        if (d > 255)
  -          {
  -          *errorptr = ERR33;
  -          goto FAILED;
  -          }
  -#endif
           
           /* The second part of a range can be a single-character escape, but
           not any of the other escapes. Perl 5.6 treats a hyphen as a literal
  @@ -1344,13 +1321,6 @@
             const ichar *oldptr = ptr;
             d = check_escape(&ptr, errorptr, *brackets, options, TRUE, cd);
   
  -#ifdef SUPPORT_UTF8
  -          if (d > 255)
  -            {
  -            *errorptr = ERR33;
  -            goto FAILED;
  -            }
  -#endif
             /* \b is backslash; any other special means the '-' was literal */
   
             if (d < 0)
  @@ -1369,6 +1339,16 @@
             goto FAILED;
             }
   
  +#ifdef SUPPORT_UTF8
  +        /* start of character range is out of range -- skip range */
  +        if (c > 255)
  +            continue;
  +
  +        /* end of character range is out of range -- truncate range */
  +        if (d > 255)
  +          d = 255;
  +#endif
  +
           for (; c <= d; c++)
             {
             class[c/8] |= (1 << (c&7));
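Review bot: The new out-of-range guard ahead of the `for (; c <= d; c++)` loop is compiled only under `#ifdef SUPPORT_UTF8`, whereas two of the checks this commit removes were under `#if PCRE_UTF16`. If a build can define PCRE_UTF16 without SUPPORT_UTF8 (this diff does not show whether it can), `class[c/8] |= (1 << (c&7))` runs with c above 255 and writes past the class bitmap. That is the overflow the removed early returns were added to stop, according to the log message. Guarding with `#if defined(SUPPORT_UTF8) || PCRE_UTF16` would keep the check in every configuration the removed checks covered, and the same applies to the guard added at `SINGLE_CHARACTER` in the next hunk. The loop body continues outside this hunk.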
  @@ -1388,6 +1368,12 @@
   
         SINGLE_CHARACTER:
   
  +#ifdef SUPPORT_UTF8
  +      /* character is out of range -- skip it */
  +      if (c > 255)
  +        continue;
  +#endif
  +      
         class [c/8] |= (1 << (c&7));
         if ((options & PCRE_CASELESS) != 0)
           {
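Review bot: The added comment `/* character is out of range -- skip it */` does not say which range is meant or that the check is a memory-safety guard rather than a matching rule. The log message ties it to a buffer overflow, so the comment should name the invariant being protected, for example `/* c indexes the class bitmap via c/8; c > 255 would write past it, so skip */`. It could also record that a class made up only of such characters now compiles with no bits set, since the handling of negated classes lies outside this hunk and may be affected.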
  
  
  


