From ac3838b6229004c4b0de360e44956bfc54d09323 Mon Sep 17 00:00:00 2001
From: jzmaddock
Date: Tue, 21 Feb 2017 10:53:53 +0000
Subject: [PATCH] de-fuzz: fix undefined behaviour in negating enum type
---
 include/boost/regex/v4/match_flags.hpp | 13 ++-
 .../boost/regex/v4/perl_matcher_common.hpp | 2 +-
 test/de_fuzz/dictionary.txt | 102 +++++++++---------
 test/de_fuzz/narrow.cpp | 1 +
 4 files changed, 65 insertions(+), 53 deletions(-)
diff --git a/include/boost/regex/v4/match_flags.hpp b/include/boost/regex/v4/match_flags.hpp
index 1c0046b7..0b30faaf 100644
--- a/include/boost/regex/v4/match_flags.hpp
+++ b/include/boost/regex/v4/match_flags.hpp
@@ -68,7 +68,18 @@ typedef enum _match_flags
 format_no_copy = format_all << 1, /* don't copy non-matching segments. */
 format_first_only = format_no_copy << 1, /* Only replace first occurance. */
 format_is_if = format_first_only << 1, /* internal use only. */
- format_literal = format_is_if << 1 /* treat string as a literal */
+ format_literal = format_is_if << 1, /* treat string as a literal */
+
+ match_not_any = match_not_bol | match_not_eol | match_not_bob
+ | match_not_eob | match_not_bow | match_not_eow | match_not_dot_newline
+ | match_not_dot_null | match_prev_avail | match_init | match_not_null
+ | match_continuous | match_partial | match_stop | match_not_initial_null
+ | match_stop | match_all | match_perl | match_posix | match_nosubs
+ | match_extra | match_single_line | match_unused1 | match_unused2
+ | match_unused3 | match_max | format_perl | format_default | format_sed
+ | format_all | format_no_copy | format_first_only | format_is_if
+ | format_literal,
+
 } match_flags;
diff --git a/include/boost/regex/v4/perl_matcher_common.hpp b/include/boost/regex/v4/perl_matcher_common.hpp
index 6febff4c..7974e748 100644
--- a/include/boost/regex/v4/perl_matcher_common.hpp
+++ b/include/boost/regex/v4/perl_matcher_common.hpp
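Review bot: `match_stop` is OR'd into `match_not_any` twice, once before `match_not_initial_null` and again immediately after it; the duplicate does not change the value but reads as a copy-paste slip and should be dropped. The enumerator's purpose is not stated anywhere, so I would add `/* every flag except match_any; use with &= to clear match_any (negating an enumerator yields a value outside the enum's range) */` on the `match_not_any` line, since the name itself reads like just another `match_not_*` flag. The trailing comma after `format_literal,` before `}` only became legal in C++11, so pedantic C++03 builds will warn; it can simply be omitted as this is the last enumerator. The hunk header counts 7/18 lines, so two trailing context lines after `} match_flags;` appear to have been lost in rendering.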
@@ -90,7 +90,7 @@ void perl_matcher::construct_init(const basic_r
 match_any_mask = static_cast((f & match_not_dot_newline) ? BOOST_REGEX_DETAIL_NS::test_not_newline : BOOST_REGEX_DETAIL_NS::test_newline);
 // Disable match_any if requested in the state machine:
 if(e.get_data().m_disable_match_any)
- m_match_flags &= ~regex_constants::match_any;
+ m_match_flags &= regex_constants::match_not_any;
 }
 template
diff --git a/test/de_fuzz/dictionary.txt b/test/de_fuzz/dictionary.txt
index d434bf4b..bd145050 100644
--- a/test/de_fuzz/dictionary.txt
+++ b/test/de_fuzz/dictionary.txt
@@ -5,7 +5,7 @@ r3="{"
 r4="}"
 r5="("
 r6=")"
-r7="\"
+r7="\\"
 r8="*"
 r9="+"
 r10="?"
@@ -28,12 +28,12 @@ r25="{4, 10}?"
 r26="{4}"
 r27="{4,}"
 r28="{4, 10}"
-r29="\1"
+r29="\\1"
 r30="g1"
 r31="g{1}"
 r32="g-1"
 r33="g{one}"
-r34="\k"
+r34="\\k"
 r35="[abc]"
 r36="[a-c]"
 r36="[^abc]"
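Review bot: The reason for replacing `~regex_constants::match_any` is invisible at the use site, so a later cleanup could easily reintroduce the `~`; I would extend the comment above the `if` to `// Disable match_any if requested in the state machine (mask with match_not_any rather than ~match_any: negating an enumerator yields a value outside match_flags' range).` Correctness of the new line also depends on `match_not_any` listing every flag bit other than `match_any`, which cannot be verified from this hunk alone — any flag missing from that mask is now cleared here as well, whereas the old `~` form preserved it. `construct_init` begins before this hunk.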
@@ -101,52 +101,52 @@ r98="[[.NUL.]]"
 r99="[[.SOH.]]"
 r100="[[.alert.]]"
 r101="[[=a=]]"
-r102="\a"
-r103="\e"
-r104="\r"
-r105="\n"
-r106="\t"
-r107="\v"
-r108="\b"
-r109="\C9"
-r110="\xcf"
-r111="\x{13}"
-r112="\x{01f4}"
-r113="\0456"
-r114="\N{newline}"
-r115="\d"
-r116="\l"
-r117="\s"
-r118="\u"
-r119="\w"
-r120="\h"
-r121="\v"
-r122="\D"
-r123="\L"
-r124="\S"
-r125="\U"
-r126="\W"
-r127="\H"
-r128="\V"
-r129="\pd"
-r130="\p{digit}"
-r131="\Pd"
-r132="\P{digit}"
-r133="\<"
-r134="\>"
-r135="\b"
-r136="\B"
-r137="\`"
-r138="\'"
-r139="\A"
-r140="\z"
-r141="\Z"
-r142="\G"
-r143="\Q"
-r144="\E"
-r145="\C"
-r146="\R"
-r147="\K"
+r102="\\a"
+r103="\\e"
+r104="\\r"
+r105="\\n"
+r106="\\t"
+r107="\\v"
+r108="\\b"
+r109="\\C9"
+r110="\\xcf"
+r111="\\x{13}"
+r112="\\x{01f4}"
+r113="\\0456"
+r114="\\N{newline}"
+r115="\\d"
+r116="\\l"
+r117="\\s"
+r118="\\u"
+r119="\\w"
+r120="\\h"
+r121="\\v"
+r122="\\D"
+r123="\\L"
+r124="\\S"
+r125="\\U"
+r126="\\W"
+r127="\\H"
+r128="\\V"
+r129="\\pd"
+r130="\\p{digit}"
+r131="\\Pd"
+r132="\\P{digit}"
+r133="\\<"
+r134="\\>"
+r135="\\b"
+r136="\\B"
+r137="\\`"
+r138="\\'"
+r139="\\A"
+r140="\\z"
+r141="\\Z"
+r142="\\G"
+r143="\\Q"
+r144="\\E"
+r145="\\C"
+r146="\\R"
+r147="\\K"
 r148="(?abc)"
 r149="(?"
 r150="(?'one'abc)"
@@ -175,8 +175,8 @@ r173="(?+1)"
 r174="(?R)"
 r175="(?0)"
 r176="(?&one)"
-r177="(?(?=\>)"
-r178="(?(?!\>)"
+r177="(?(?=\\>)"
+r178="(?(?!\\>)"
 r179="(?(1)"
 r180="(?()"
 r181="(?('one')"
diff --git a/test/de_fuzz/narrow.cpp b/test/de_fuzz/narrow.cpp
index 849ec7b2..448c6b78 100644
--- a/test/de_fuzz/narrow.cpp
+++ b/test/de_fuzz/narrow.cpp
@@ -7,6 +7,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 return 0;
 try{
 size_t len = (Data[1] << 8) | Data[0];
+ if(len > Size - 2) len = Size - 2;
 std::string str((char*)(Data + 2), len);
 std::string text((char*)(Data + len), Size - len);
 boost::regex e(str);
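Review bot: The clamp keeps `str` inside the buffer, but the following line still builds `text` from `Data + len` with length `Size - len`, so the subject text overlaps the two length bytes and the pattern instead of starting after it; if pattern-then-subject is the intent, that line should read `std::string text((char*)(Data + 2 + len), Size - 2 - len);`. As written the read stays in bounds only because the new clamp guarantees `len <= Size - 2`. The `Size - 2` in the clamp presumably relies on a `Size < 2` guard ahead of the `return 0;` context line, which is outside the hunk and worth confirming. `LLVMFuzzerTestOneInput` continues past the hunk.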