jakarta-regexp-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacob Eckel" <ec...@dealfusion.com>
Subject A major bug with non-greedy closures (.*?)
Date Wed, 14 Feb 2001 09:47:17 GMT
The bug is reproducible in Regexp 1.2 using the statement:

  RE re = new RE("ABC.*?X+Z");

This will cause an ArrayIndexOutOfBoundsException in
RECompiler.setNextOfEnd().
The actual reason for the exception is the direct casting from char to int
which
causes a negative value to be set as a large positive value into the int.
This may be fixed using a (short) casting:

(short)instruction[node + RE.offsetNext]

The same problem exists also in RECompiler.expr() and
REProgram.setInstructions().

However fixing those problems only brings us to the next one -
an infinite loop in RECompiler.setNextOfEnd(). This is caused by a loop
existing in the instruction linked list. I tried to work on this
but unfortunately was unable to find the source of the problem.
It seams that the line "setNextOfEnd(ret, lenInstruction);" found in
RECompiler.closure() is somehow responsible for the creation of the loop.
Please help...

Jacob Eckel


Mime
View raw message