< prev index next >
src/java.base/share/classes/java/util/regex/Pattern.java
Print this page
rev 55071 : 8224789: Parsing repetition count in regex does not detect numeric overflow
Reviewed-by: rriggs, bchristi
@@ -3269,32 +3269,37 @@
case '*':
return curly(prev, 0);
case '+':
return curly(prev, 1);
case '{':
- ch = temp[cursor+1];
+ ch = skip();
if (ASCII.isDigit(ch)) {
- skip();
- int cmin = 0;
+ int cmin = 0, cmax;
+ try {
do {
- cmin = cmin * 10 + (ch - '0');
+ cmin = Math.addExact(Math.multiplyExact(cmin, 10),
+ ch - '0');
} while (ASCII.isDigit(ch = read()));
- int cmax = cmin;
+ cmax = cmin;
if (ch == ',') {
ch = read();
cmax = MAX_REPS;
if (ch != '}') {
cmax = 0;
while (ASCII.isDigit(ch)) {
- cmax = cmax * 10 + (ch - '0');
+ cmax = Math.addExact(Math.multiplyExact(cmax, 10),
+ ch - '0');
ch = read();
}
}
}
+ } catch (ArithmeticException ae) {
+ throw error("Illegal repetition range");
+ }
if (ch != '}')
throw error("Unclosed counted closure");
- if (((cmin) | (cmax) | (cmax - cmin)) < 0)
+ if (cmax < cmin)
throw error("Illegal repetition range");
Curly curly;
ch = peek();
if (ch == '?') {
next();
< prev index next >