summaryrefslogtreecommitdiff
path: root/harnesses
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff.email>2022-05-04 22:17:30 +0200
committerJörg Frings-Fürst <debian@jff.email>2022-05-04 22:17:30 +0200
commitb94fff3e1fa9f446b4d084988600836eaa686c0a (patch)
tree1ef234abd95f46744da8f6edad1ec438f5fe3ea9 /harnesses
parent89374f06e12f3094feac8a6a7f95a58c348f63eb (diff)
parentbeb0a893d66abd79c495d3425746fe0e237ed848 (diff)
Merge branch 'release/debian/6.9.8-1'debian/6.9.8-1
Diffstat (limited to 'harnesses')
-rw-r--r--harnesses/base.c45
-rw-r--r--harnesses/libfuzzer-onig.cpp2
2 files changed, 37 insertions, 10 deletions
diff --git a/harnesses/base.c b/harnesses/base.c
index 70f98f7..78a157a 100644
--- a/harnesses/base.c
+++ b/harnesses/base.c
@@ -148,6 +148,8 @@ dump_data(FILE* fp, unsigned char* data, int len)
if (isprint((int )c)) {
if (c == '\\')
fprintf(fp, " '\\\\'");
+ else if (c == '\'')
+ fprintf(fp, " '\\''");
else
fprintf(fp, " '%c'", c);
}
@@ -199,6 +201,38 @@ each_match_callback_func(const UChar* str, const UChar* end,
return ONIG_NORMAL;
}
+static unsigned int calc_retry_limit(sl, len)
+{
+ unsigned int r;
+ unsigned int upper;
+ int heavy;
+
+ heavy = sl >> 8;
+ sl &= 0xff;
+ sl += heavy;
+
+ upper = BASE_RETRY_LIMIT;
+ if (sl == 2) {
+ upper = SLOW_RETRY_LIMIT;
+ }
+ else if (sl > 2) {
+ upper = SLOW_RETRY_LIMIT * 3 / sl;
+ if (upper <= 10) upper = 10;
+ }
+
+ if (len < BASE_LENGTH) {
+ r = BASE_RETRY_LIMIT;
+ }
+ else {
+ r = BASE_RETRY_LIMIT * BASE_LENGTH / len;
+ }
+
+ if (r > upper)
+ r = upper;
+
+ return r;
+}
+
static int
search(regex_t* reg, unsigned char* str, unsigned char* end, OnigOptionType options, int backward, int sl)
{
@@ -211,14 +245,7 @@ search(regex_t* reg, unsigned char* str, unsigned char* end, OnigOptionType opti
region = onig_region_new();
len = (size_t )(end - str);
- if (len < BASE_LENGTH) {
- if (sl >= 2)
- retry_limit = (unsigned int )SLOW_RETRY_LIMIT;
- else
- retry_limit = (unsigned int )BASE_RETRY_LIMIT;
- }
- else
- retry_limit = (unsigned int )(BASE_RETRY_LIMIT * BASE_LENGTH / len);
+ retry_limit = calc_retry_limit(sl, len);
#ifdef STANDALONE
fprintf(stdout, "retry limit: %u\n", retry_limit);
@@ -376,7 +403,7 @@ alloc_exec(OnigEncoding enc, OnigOptionType options, OnigSyntaxType* syntax,
fprintf(stdout, "sl: %d\n", sl);
#endif
if (sl > 0) {
- if (sl >= 100) {
+ if (sl >= 256) { // 256: exists heavy element
if (rem_size > MAX_SLOW_REM_SIZE2)
rem_size = MAX_SLOW_REM_SIZE2;
}
diff --git a/harnesses/libfuzzer-onig.cpp b/harnesses/libfuzzer-onig.cpp
index 526c826..52a6848 100644
--- a/harnesses/libfuzzer-onig.cpp
+++ b/harnesses/libfuzzer-onig.cpp
@@ -29,9 +29,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t * Data, size_t Size)
#ifdef FULL_TEST
onig_initialize(&enc, 1);
+#endif
onig_set_retry_limit_in_match(120);
onig_set_parse_depth_limit(120);
-#endif
if (onig_new(&reg, Data, Data + Size, ONIG_OPTION_DEFAULT, enc,
ONIG_SYNTAX_DEFAULT, 0) == 0)