Fix an unsigned integer overflow in regex that lead to a bad memory access. Found by OSS-Fuzz

git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@316191 91177308-0d34-0410-b5e6-96231b3b80d8
2025-10-24 03:32:35 +08:00 · 2017-10-19 22:10:41 +00:00
parent 278c0ba4a6
commit 24c7353aa9
2 changed files with 12 additions and 5 deletions
--- a/test/std/re/re.regex/re.regex.construct/bad_backref.pass.cpp
+++ b/test/std/re/re.regex/re.regex.construct/bad_backref.pass.cpp
@@ -34,6 +34,7 @@ int main()
 {
    assert(error_badbackref_thrown("\\1abc"));      // no references
    assert(error_badbackref_thrown("ab(c)\\2def")); // only one reference
+    assert(error_badbackref_thrown("\\800000000000000000000000000000")); // overflows

 //  this should NOT throw, because we only should look at the '1'
 //  See https://bugs.llvm.org/show_bug.cgi?id=31387