bug#34373: 26.1; Missing range check in rx-submatch-n

bug#34373: 26.1; Missing range check in rx-submatch-n

Mattias Engdegård-2
`rx' should protect its own abstractions and never generate an invalid regexp, but will if given a bad submatch number:

(rx (group-n 0 "x"))
=> "\\(?0:x\\)"

It's a missing range check in rx-submatch-n.

In GNU Emacs 26.1 (build 1, x86_64-apple-darwin14.5.0, NS appkit-1348.17 Version 10.10.5 (Build 14F2511))
 of 2018-05-31 built on builder10-10.porkrind.org
Windowing system distributor 'Apple', version 10.3.1671





bug#34373: Acknowledgement (26.1; Missing range check in rx-submatch-n)

Andy Moreton-3
On Thu 07 Feb 2019, Mattias Engdegård wrote:

> Patch.
>
> From cc7bbab39595b117f6f2ed2bcf5ea1782060e574 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Mattias=20Engdeg=C3=A5rd?= <[hidden email]>
> Date: Thu, 7 Feb 2019 19:05:06 +0100
> Subject: [PATCH] Check validity of rx submatch-n number
>
> * lisp/emacs-lisp/rx.el (rx-submatch): Type and range check (Bug#34373).
> ---
>  lisp/emacs-lisp/rx.el | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/lisp/emacs-lisp/rx.el b/lisp/emacs-lisp/rx.el
> index 8b4551d0d3..d47beed975 100644
> --- a/lisp/emacs-lisp/rx.el
> +++ b/lisp/emacs-lisp/rx.el
> @@ -705,6 +705,8 @@ FORM is either `(repeat N FORM1)' or `(repeat N M FORMS...)'."
>  (defun rx-submatch-n (form)
>    "Parse and produce code from FORM, which is `(submatch-n N ...)'."
>    (let ((n (nth 1 form)))
> +    (unless (and (integerp n) (> n 0))
> +      (error "rx `submatch-n' argument must be positive"))
>      (concat "\\(?" (number-to-string n) ":"
>      (if (= 3 (length form))
>   ;; Only one sub-form.
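
Review bot: the message on the added `error` line says only "must be positive", but the guard above it also rejects non-integers, and the offending value is not reported. Consider something like `(error "rx `submatch-n' argument must be a positive integer: %S" n)` so a caller passing a symbol or string gets an accurate diagnostic. The strict `(> n 0)` bound is what rejects the 0 from the bug report, so it should stay strict. Two smaller points: the ChangeLog line in the commit message names `rx-submatch`, while the function changed here is `rx-submatch-n`, and the diffstat shows only rx.el touched, so a regression test for `(rx (group-n 0 "x"))` signalling an error would be worth adding.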

You could use (natnump n) instead.

    AndyM