File regex-parse-reg-exp.patch of Package glibc.14505
2015-09-19 Paul Eggert <eggert@cs.ucla.edu>
Diagnose ERE '()|\1'
Problem reported by Hanno Böck in: http://bugs.gnu.org/21513
* lib/regcomp.c (parse_reg_exp): While parsing alternatives, keep
track of the set of previously-completed subexpressions available
before the first alternative, and restore this set just before
parsing each subsequent alternative. This lets us diagnose the
invalid back-reference in the ERE '()|\1'.
Index: glibc-2.26/posix/regcomp.c
===================================================================
--- glibc-2.26.orig/posix/regcomp.c
+++ glibc-2.26/posix/regcomp.c
@@ -2134,6 +2134,7 @@ parse_reg_exp (re_string_t *regexp, rege
{
re_dfa_t *dfa = (re_dfa_t *) preg->buffer;
bin_tree_t *tree, *branch = NULL;
+ bitset_word_t initial_bkref_map = dfa->completed_bkref_map;
tree = parse_branch (regexp, preg, token, syntax, nest, err);
if (BE (*err != REG_NOERROR && tree == NULL, 0))
return NULL;
@@ -2144,6 +2145,8 @@ parse_reg_exp (re_string_t *regexp, rege
if (token->type != OP_ALT && token->type != END_OF_RE
&& (nest == 0 || token->type != OP_CLOSE_SUBEXP))
{
+ bitset_word_t accumulated_bkref_map = dfa->completed_bkref_map;
+ dfa->completed_bkref_map = initial_bkref_map;
branch = parse_branch (regexp, preg, token, syntax, nest, err);
if (BE (*err != REG_NOERROR && branch == NULL, 0))
{
@@ -2151,6 +2154,7 @@ parse_reg_exp (re_string_t *regexp, rege
postorder (tree, free_tree, NULL);
return NULL;
}
+ dfa->completed_bkref_map |= accumulated_bkref_map;
}
else
branch = NULL;