if (*endp == ']')
{
int plen;
+ bool range_endpoint;
/*
* Try to reverse engineer character classes. For example,
* recognize that [0-9] stands for \d and [A-Za-z_] for \h,
while (regparse < endp)
{
int oldstartc = startc;
+ range_endpoint = false;
startc = -1;
got_coll_char = FALSE;
if (emit_range)
{
int endc = startc;
+ range_endpoint = true;
startc = oldstartc;
if (startc > endc)
}
}
- if (enc_utf8 && (utf_ptr2len(regparse) != (plen = utfc_ptr2len(regparse))))
+ //
+ // If this character was consumed as the end of a range, do not emit its
+ // composing characters separately. Range handling only uses the base
+ // codepoint; emitting the composing part again would duplicate the
+ // character in the postfix stream and corrupt the NFA stack.
+ //
+ if (!range_endpoint && enc_utf8 &&
+ (utf_ptr2len(regparse) != (plen = utfc_ptr2len(regparse))))
{
int i = utf_ptr2len(regparse);
++len;
if (state->c != NFA_ANY)
{
- // skip over the characters
+ // Skip over the compiled collection.
+ // malformed NFAs must not crash width estimation.
+ if (state->out1 == NULL || state->out1->out == NULL)
+ return -1;
state = state->out1->out;
continue;
}
set ignorecase&vim re&vim
endfun
+func Test_regex_collection_range_with_composing_crash()
+ " Regression test: composing char in collection range caused NFA crash/E874
+ new
+ call setline(1, ['00', '0ֻ', '01'])
+ let patterns = [ '0[0-0ֻ]\@<!','0[0ֻ]\@<!']
+
+ for pat in patterns
+ " Should compile and execute without crash or error
+ for re in range(3)
+ let regex = '\%#=' .. re .. pat
+ call search(regex)
+ call assert_fails($"/{regex}\<cr>", 'E486:')
+ endfor
+ endfor
+
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
projects / thirdparty / vim.git / commitdiff
