Regex: When matching an (*ACCEPT) and skipping forwards, we have to be careful not to stop skipping prematurely if we're inside a lookahead.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3493#c2
2017-10-24 19:06:53 +01:00
parent 50453e319a
commit f251a98662
1 changed files with 5 additions and 0 deletions
--- a/include/boost/regex/v4/perl_matcher_non_recursive.hpp
+++ b/include/boost/regex/v4/perl_matcher_non_recursive.hpp
@ -1181,10 +1181,15 @@ bool perl_matcher<BidiIterator, Allocator, traits>::skip_until_paren(int index,
         {
            // Unenclosed closing ), occurs when (*ACCEPT) is inside some other 
            // parenthesis which may or may not have other side effects associated with it.
+            const re_syntax_base* sp = pstate;
            match_endmark();
            if(!pstate)
            {
               unwind(true);
+               // unwind may leave pstate NULL if we've unwound a forward lookahead, in which
+               // case just move to the next state and keep looking...
+               if (!pstate)
+                  pstate = sp->next.p;
            }
         }
         continue;