RFR 8224789 : Parsing repetition count in regex does not detect numeric overflow

Ivan Gerasimov ivan.gerasimov at oracle.com
Wed May 29 02:08:45 UTC 2019


Hi Brent!


On 5/28/19 4:06 PM, Brent Christian wrote:
> Hi, Ivan
>
> I agree with Roger that there are more test cases than necessary. 
> Otherwise I think it looks pretty good.
>
Okay.  Then let's make the list of invalid ranges shorter, but add a 
randomly generated value!

Please find the updated webrev here:
http://cr.openjdk.java.net/~igerasim/8224789/01/webrev/

With kind regards,
Ivan

> I find the addExact/multiplyExact code less readable. I'm not sure 
> what could be done about it - maybe some different indentation:
>
> cmin = Math.addExact(
>                      Math.multiplyExact(cmin, 10),
>                      ch - '0');
>
> though that makes for some long lines.  Just a thought.
>
> Thanks,
> -Brent
>
> On 5/24/19 11:28 PM, Ivan Gerasimov wrote:
>> Hello!
>>
>> When Pattern.compile() parses the repetition count in the expressions 
>> like '.{100}', '.{1,2}' or '.{3,}' it fails to detect numeric 
>> overflow if the result is still non-negative.
>>
>> Could you please help review the patch?
>>
>> BUGURL: https://bugs.openjdk.java.net/browse/JDK-8224789
>> WEBREV: http://cr.openjdk.java.net/~igerasim/8224789/00/webrev/
>>
>> Also, reading a char at line 3274 is done with skip(), so the 
>> exception thrown at 3315 displays the position of the error more 
>> accurately.
>>
>

-- 
With kind regards,
Ivan Gerasimov



More information about the core-libs-dev mailing list