1b09eea33f
Currently we fail to notice integer overflow when parsing a back-reference expression, or when converting the parsed result from long to int. This changes the result to be int, so no conversion is needed, and uses the overflow-checking built-ins to detect an out-of-range back-reference. libstdc++-v3/ChangeLog: PR libstdc++/106607 * include/bits/regex_compiler.tcc (_Compiler::_M_cur_int_value): Use built-ins to check for integer overflow in back-reference number. * testsuite/28_regex/basic_regex/106607.cc: New test.
25 lines
608 B
C++
25 lines
608 B
C++
// { dg-do run { target c++11 } }
|
|
|
|
#include <regex>
|
|
#include <string>
|
|
#include <climits>
|
|
#include <testsuite_hooks.h>
|
|
|
|
// PR libstdc++/106607 - Regex integer overflow on large backreference value
|
|
|
|
int main()
|
|
{
|
|
std::regex r("(.)\\1"); // OK
|
|
|
|
try
|
|
{
|
|
long long n = (unsigned)-1 + 2LL; // 4294967297 for 32-bit int
|
|
VERIFY( (int)n == 1 ); // 4294967297 % 2^32 == 1
|
|
std::regex r("(.)\\" + std::to_string(n)); // Invalid back reference.
|
|
VERIFY(false);
|
|
}
|
|
catch (const std::regex_error& e)
|
|
{
|
|
VERIFY( e.code() == std::regex_constants::error_backref );
|
|
}
|
|
}
|