fuzz: compiling '\P{any}' panics by tripping an assertion in the compiler #722

BurntSushi · 2020-10-19T13:06:52Z

Specifically, this one:

Line 419 in a7ef5f4

assert!(!ranges.is_empty());

Normally, regexes like [^\w\W] with empty classes are banned at translation time. But it looks like \P{any} (which is empty) slipped through. So we should just improve the ban to cover that case.

However, empty character classes are occasionally useful constructs for injecting a "fail" sub-pattern into a regex, typically in the context of cases where regexes are generated. Indeed, the NFA compiler in regex-automata handles this case fine:

$ regex-cli debug nfa thompson '\P{any}' -B
      parse time:  48.809µs
  translate time:  17.48µs
compile nfa time:  18.638µs
   pattern count:  1

thompson::NFA(
>000000: alt(2, 1)
 000001: \x00-\xff => 0
^000002: sparse()
 000003: MATCH(0)
)

Where it's impossible to ever move past state 2. Arguably, it might be nicer if it were an explicit "fail" instruction, but an empty sparse instruction (a state with no outgoing transitions) serves the purpose as well.

So once #656 is done, we should be able to relax this restriction.

This bug was found by OSS-Fuzz.

The text was updated successfully, but these errors were encountered:

BurntSushi added the bug label Oct 19, 2020

BurntSushi closed this as completed in 6fdb6e1 Nov 1, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fuzz: compiling '\P{any}' panics by tripping an assertion in the compiler #722

fuzz: compiling '\P{any}' panics by tripping an assertion in the compiler #722

BurntSushi commented Oct 19, 2020 •

edited

fuzz: compiling '\P{any}' panics by tripping an assertion in the compiler #722

fuzz: compiling '\P{any}' panics by tripping an assertion in the compiler #722

Comments

BurntSushi commented Oct 19, 2020 • edited

BurntSushi commented Oct 19, 2020 •

edited