RFR 8224789 : Parsing repetition count in regex does not detect numeric overflow
Ivan Gerasimov
ivan.gerasimov at oracle.com
Wed May 29 02:08:45 UTC 2019
Hi Brent!
On 5/28/19 4:06 PM, Brent Christian wrote:
> Hi, Ivan
>
> I agree with Roger that there are more test cases than necessary.
> Otherwise I think it looks pretty good.
>
Okay. Then let's make the list of invalid ranges shorter, but add a
randomly generated value!
Please find the updated webrev here:
http://cr.openjdk.java.net/~igerasim/8224789/01/webrev/
With kind regards,
Ivan
> I find the addExact/multiplyExact code less readable. I'm not sure
> what could be done about it - maybe some different indentation:
>
> cmin = Math.addExact(
> Math.multiplyExact(cmin, 10),
> ch - '0');
>
> though that makes for some long lines. Just a thought.
>
> Thanks,
> -Brent
>
> On 5/24/19 11:28 PM, Ivan Gerasimov wrote:
>> Hello!
>>
>> When Pattern.compile() parses the repetition count in the expressions
>> like '.{100}', '.{1,2}' or '.{3,}' it fails to detect numeric
>> overflow if the result is still non-negative.
>>
>> Could you please help review the patch?
>>
>> BUGURL: https://bugs.openjdk.java.net/browse/JDK-8224789
>> WEBREV: http://cr.openjdk.java.net/~igerasim/8224789/00/webrev/
>>
>> Also, reading a char at line 3274 is done with skip(), so the
>> exception thrown at 3315 displays the position of the error more
>> accurately.
>>
>
--
With kind regards,
Ivan Gerasimov
More information about the core-libs-dev
mailing list