author | Jörg Frings-Fürst <debian@jff.email> | 2022-05-04 22:17:30 +0200 |
---|---|---|
committer | Jörg Frings-Fürst <debian@jff.email> | 2022-05-04 22:17:30 +0200 |
commit | b94fff3e1fa9f446b4d084988600836eaa686c0a (patch) | |
tree | 1ef234abd95f46744da8f6edad1ec438f5fe3ea9 /harnesses | |
parent | 89374f06e12f3094feac8a6a7f95a58c348f63eb (diff) | |
parent | beb0a893d66abd79c495d3425746fe0e237ed848 (diff) |
Merge branch 'release/debian/6.9.8-1'debian/6.9.8-1
Diffstat (limited to 'harnesses')
-rw-r--r-- | harnesses/base.c | 45 | ||||
-rw-r--r-- | harnesses/libfuzzer-onig.cpp | 2 |
2 files changed, 37 insertions, 10 deletions
diff --git a/harnesses/base.c b/harnesses/base.c
index 70f98f7..78a157a 100644
--- a/harnesses/base.c
+++ b/harnesses/base.c
@@ -148,6 +148,8 @@ dump_data(FILE* fp, unsigned char* data, int len)
 if (isprint((int )c)) {
 if (c == '\\')
 fprintf(fp, " '\\\\'");
+ else if (c == '\'')
+ fprintf(fp, " '\\''");
 else
 fprintf(fp, " '%c'", c);
 }
@@ -199,6 +201,38 @@ each_match_callback_func(const UChar* str, const UChar* end,
 return ONIG_NORMAL;
 }
+static unsigned int calc_retry_limit(sl, len)
+{
+ unsigned int r;
+ unsigned int upper;
+ int heavy;
+
+ heavy = sl >> 8;
+ sl &= 0xff;
+ sl += heavy;
+
+ upper = BASE_RETRY_LIMIT;
+ if (sl == 2) {
+ upper = SLOW_RETRY_LIMIT;
+ }
+ else if (sl > 2) {
+ upper = SLOW_RETRY_LIMIT * 3 / sl;
+ if (upper <= 10) upper = 10;
+ }
+
+ if (len < BASE_LENGTH) {
+ r = BASE_RETRY_LIMIT;
+ }
+ else {
+ r = BASE_RETRY_LIMIT * BASE_LENGTH / len;
+ }
+
+ if (r > upper)
+ r = upper;
+
+ return r;
+}
+
 static int
 search(regex_t* reg, unsigned char* str, unsigned char* end, OnigOptionType options, int backward, int sl)
 {
@@ -211,14 +245,7 @@ search(regex_t* reg, unsigned char* str, unsigned char* end, OnigOptionType opti
 region = onig_region_new();
 len = (size_t )(end - str);
- if (len < BASE_LENGTH) {
- if (sl >= 2)
- retry_limit = (unsigned int )SLOW_RETRY_LIMIT;
- else
- retry_limit = (unsigned int )BASE_RETRY_LIMIT;
- }
- else
- retry_limit = (unsigned int )(BASE_RETRY_LIMIT * BASE_LENGTH / len);
+ retry_limit = calc_retry_limit(sl, len);
 #ifdef STANDALONE
 fprintf(stdout, "retry limit: %u\n", retry_limit);
@@ -376,7 +403,7 @@ alloc_exec(OnigEncoding enc, OnigOptionType options, OnigSyntaxType* syntax,
 fprintf(stdout, "sl: %d\n", sl);
 #endif
 if (sl > 0) {
- if (sl >= 100) {
+ if (sl >= 256) { // 256: exists heavy element
 if (rem_size > MAX_SLOW_REM_SIZE2)
 rem_size = MAX_SLOW_REM_SIZE2;
 }
diff --git a/harnesses/libfuzzer-onig.cpp b/harnesses/libfuzzer-onig.cpp
index 526c826..52a6848 100644
--- a/harnesses/libfuzzer-onig.cpp 
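Review bot: `calc_retry_limit(sl, len)` is defined with an old-style identifier list and no parameter types, so both parameters default to `int` (a form C99 and later no longer permit), while the call added in the `search` hunk passes `len` as a `size_t`. Calling an unprototyped function with a mismatched argument type is undefined, and on LP64 targets a length above `INT_MAX` would likely arrive truncated or negative, which changes the retry-limit branch taken. I would declare it as `static unsigned int calc_retry_limit(int sl, size_t len)` and keep the explicit cast the removed code had: `r = (unsigned int )(BASE_RETRY_LIMIT * BASE_LENGTH / len);`. The division in the `else` branch is safe only if `BASE_LENGTH` is non-zero, and that macro is defined outside this hunk.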
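Review bot: The threshold `256` in `alloc_exec` and the `sl >> 8` / `sl &= 0xff` split in `calc_retry_limit` both depend on the same packing of `sl`, but nothing in the visible code names or documents that layout. A comment where `sl` is computed, for example `/* sl: low 8 bits = slow element count, bits 8 and up = heavy element count */`, or a shared named constant in place of the literal `256` would keep the two sites from drifting apart. The code that produces `sl` is outside these hunks, so the layout should be confirmed there before the comment is written.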
+++ b/harnesses/libfuzzer-onig.cpp
@@ -29,9 +29,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t * Data, size_t Size)
 #ifdef FULL_TEST
 onig_initialize(&enc, 1);
+#endif
 onig_set_retry_limit_in_match(120);
 onig_set_parse_depth_limit(120);
-#endif
 if (onig_new(®, Data, Data + Size, ONIG_OPTION_DEFAULT, enc, ONIG_SYNTAX_DEFAULT, 0) == 0) |
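Review bot: With `#endif` moved up, `onig_set_retry_limit_in_match(120)` and `onig_set_parse_depth_limit(120)` now run on every call of `LLVMFuzzerTestOneInput`, and their return values are dropped. If a setter failed, the harness would keep running with the library defaults and give no sign of it. These look like process-wide settings, so setting them once (for example in libFuzzer's `LLVMFuzzerInitialize`) and checking the result would be cleaner. A comment stating the intent would also help: `/* cap backtracking and parser nesting so pathological patterns return an error instead of a fuzzer timeout or stack exhaustion */`. The function body continues outside the hunk, so whether the library is initialised elsewhere when `FULL_TEST` is undefined cannot be seen here.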