[Bug libstdc++/106607] Regex integer overflow on large backreference value

cvs-commit at gcc dot gnu.org via Gcc-bugs Wed, 07 Sep 2022 10:49:46 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106607


--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-11 branch has been updated by Jonathan Wakely
<r...@gcc.gnu.org>:

https://gcc.gnu.org/g:d023d805d9e20c3f46654dc7ea96c9228d650ddb

commit r11-10243-gd023d805d9e20c3f46654dc7ea96c9228d650ddb
Author: Jonathan Wakely <jwak...@redhat.com>
Date:   Mon Aug 22 15:16:16 2022 +0100

    libstdc++: Check for overflow in regex back-reference [PR106607]

    Currently we fail to notice integer overflow when parsing a
    back-reference expression, or when converting the parsed result from
    long to int. This changes the result to be int, so no conversion is
    needed, and uses the overflow-checking built-ins to detect an
    out-of-range back-reference.

    libstdc++-v3/ChangeLog:

            PR libstdc++/106607
            * include/bits/regex_compiler.tcc (_Compiler::_M_cur_int_value):
            Use built-ins to check for integer overflow in back-reference
            number.
            * testsuite/28_regex/basic_regex/106607.cc: New test.

    (cherry picked from commit 1b09eea33f2bf9d1eae73b25cc25efb05ea1dc3f)

[Bug libstdc++/106607] Regex integer overflow on large backreference value

Reply via email to