< prev index next >
src/java.base/share/classes/java/util/regex/Pattern.java
Print this page
rev 55071 : 8224789: Parsing repetition count in regex does not detect numeric overflow
Reviewed-by: rriggs, bchristi
*** 3269,3300 ****
case '*':
return curly(prev, 0);
case '+':
return curly(prev, 1);
case '{':
! ch = temp[cursor+1];
if (ASCII.isDigit(ch)) {
! skip();
! int cmin = 0;
do {
! cmin = cmin * 10 + (ch - '0');
} while (ASCII.isDigit(ch = read()));
! int cmax = cmin;
if (ch == ',') {
ch = read();
cmax = MAX_REPS;
if (ch != '}') {
cmax = 0;
while (ASCII.isDigit(ch)) {
! cmax = cmax * 10 + (ch - '0');
ch = read();
}
}
}
if (ch != '}')
throw error("Unclosed counted closure");
! if (((cmin) | (cmax) | (cmax - cmin)) < 0)
throw error("Illegal repetition range");
Curly curly;
ch = peek();
if (ch == '?') {
next();
--- 3269,3305 ----
case '*':
return curly(prev, 0);
case '+':
return curly(prev, 1);
case '{':
! ch = skip();
if (ASCII.isDigit(ch)) {
! int cmin = 0, cmax;
! try {
do {
! cmin = Math.addExact(Math.multiplyExact(cmin, 10),
! ch - '0');
} while (ASCII.isDigit(ch = read()));
! cmax = cmin;
if (ch == ',') {
ch = read();
cmax = MAX_REPS;
if (ch != '}') {
cmax = 0;
while (ASCII.isDigit(ch)) {
! cmax = Math.addExact(Math.multiplyExact(cmax, 10),
! ch - '0');
ch = read();
}
}
}
+ } catch (ArithmeticException ae) {
+ throw error("Illegal repetition range");
+ }
if (ch != '}')
throw error("Unclosed counted closure");
! if (cmax < cmin)
throw error("Illegal repetition range");
Curly curly;
ch = peek();
if (ch == '?') {
next();
< prev index next >