From 70e8f5988476c4ef3f8d0296d03a1f97380de212 Mon Sep 17 00:00:00 2001
From: Marshall Clow
Date: Mon, 24 Aug 2015 15:57:09 +0000
Subject: [PATCH] Fix a crasher found by libFuzzer
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@245849 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/regex | 2 ++
 .../std/re/re.alg/re.alg.search/grep.pass.cpp | 23 +++++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/include/regex b/include/regex
index b355bbb3..b2b556e5 100644
--- a/include/regex
+++ b/include/regex
@@ -1733,6 +1733,8 @@ template
 void
 __back_ref<_CharT>::__exec(__state& __s) const
 {
+ if (__mexp_ > __s.__sub_matches_.size())
+ __throw_regex_error();
 sub_match& __sm = __s.__sub_matches_[__mexp_-1];
 if (__sm.matched)
 {
diff --git a/test/std/re/re.alg/re.alg.search/grep.pass.cpp b/test/std/re/re.alg/re.alg.search/grep.pass.cpp
index 113243ec..fbeddd04 100644
--- a/test/std/re/re.alg/re.alg.search/grep.pass.cpp
+++ b/test/std/re/re.alg/re.alg.search/grep.pass.cpp
@@ -21,6 +21,28 @@
 #include "test_iterators.h"
+extern "C" void LLVMFuzzerTestOneInput(const char *data)
+{
+ size_t size = strlen(data);
+ if (size > 0)
+ {
+ try
+ {
+ std::regex::flag_type flag = std::regex_constants::grep;
+ std::string s((const char *)data, size);
+ std::regex re(s, flag);
+ std::regex_match(s, re);
+ }
+ catch (std::regex_error &ex) {}
+ }
+}
+
+
+void fuzz_tests() // patterns that the fuzzer has found
+{
+ LLVMFuzzerTestOneInput(R"XX(Õ)_%()()((\8'_%()_%()_%()_%(()_%()_%()_%(.t;)()¥f()_%()(.)_%;)()!¥f(((()()XX");
+}
+
 int main()
 {
 {
@@ -55,4 +77,5 @@ int main()
 assert(m.position(0) == 0);
 assert(m.str(0) == "");
 }
+ fuzz_tests();
 }
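Review bot: The new guard in `__back_ref<_CharT>::__exec` (include/regex hunk) checks only the upper bound, so the `__s.__sub_matches_[__mexp_-1]` access on the next line still depends on `__mexp_` never being 0. If the parser guarantees that (not visible in this hunk), a one-line comment should say so; otherwise the condition could read `if (__mexp_ == 0 || __mexp_ > __s.__sub_matches_.size())`. The check also runs while matching, so an out-of-range back-reference is presumably accepted by the `basic_regex` constructor and only rejected once `regex_match` or `regex_search` reaches this node. Callers compiling untrusted patterns would then need their `try` to cover the match call as well, and rejecting the reference at parse time would be more predictable. The function body continues past the end of the hunk.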
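Review bot: The helper added in grep.pass.cpp reuses libFuzzer's entry-point name `LLVMFuzzerTestOneInput` with a different signature and derives the length with `strlen(data)`. libFuzzer calls that symbol with a buffer that is not NUL-terminated, so linking this file into a fuzzer build would read past the end of the input, and patterns containing an embedded NUL can never be replayed here. Either adopt the real signature, `extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`, drop the `strlen` and pass the length from `fuzz_tests()`, or give the helper a name that cannot collide. The handler would also read better as `catch (const std::regex_error&) {}`, and a short comment should state that the test only asserts the absence of a crash. `strlen` needs `<cstring>`, which is not among the lines visible in this hunk.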