diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | regparse.c | 2 | ||||
-rw-r--r-- | test/ruby/test_regexp.rb | 2 |
3 files changed, 8 insertions, 1 deletions
@@ -1,3 +1,8 @@ +Wed May 25 18:30:53 2016 NARUSE, Yui <naruse@ruby-lang.org> + + * regparse.c (fetch_token_in_cc): raise error if given octal escaped + character is too big. [Bug #12420] [Bug #12423] + Wed May 25 17:45:15 2016 Kazuki Yamaguchi <k@rhe.jp> * ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. diff --git a/regparse.c b/regparse.c index f405f5481b..2924601bc2 100644 --- a/regparse.c +++ b/regparse.c @@ -3229,7 +3229,7 @@ fetch_token_in_cc(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env) PUNFETCH; prev = p; num = scan_unsigned_octal_number(&p, end, 3, enc); - if (num < 0) return ONIGERR_TOO_BIG_NUMBER; + if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER; if (p == prev) { /* can't read nothing. */ num = 0; /* but, it's not error */ } diff --git a/test/ruby/test_regexp.rb b/test/ruby/test_regexp.rb index 85e78383b0..66e2802a23 100644 --- a/test/ruby/test_regexp.rb +++ b/test/ruby/test_regexp.rb @@ -439,6 +439,8 @@ class TestRegexp < Test::Unit::TestCase assert_equal(arg_encoding_none, Regexp.new("", nil, "N").options) assert_raise(RegexpError) { Regexp.new(")(") } + assert_raise(RegexpError) { Regexp.new('[\\40000000000') } + assert_raise(RegexpError) { Regexp.new('[\\600000000000.') } end def test_unescape |