Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: rust-lang/regex
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 1.5.4
Choose a base ref
...
head repository: rust-lang/regex
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1.5.5
Choose a head ref
  • 12 commits
  • 14 files changed
  • 5 contributors

Commits on May 14, 2021

  1. fuzz: bump libfuzzer-sys dependency 

    This is a half-hearted attempt to fix a build failure that I don't
understand in OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34294

cc @DavidKorczynski
    @BurntSushi
    BurntSushi committed May 14, 2021
    Configuration menu
    Copy the full SHA
    6cdb904 View commit details
    Browse the repository at this point in the history

Commits on Jun 26, 2021

  1. dfa: remove some redundant branches 

    I discovered these while reviewing the code to prep for the rewrite
in regex-automata.
    @BurntSushi
    BurntSushi committed Jun 26, 2021
    Configuration menu
    Copy the full SHA
    fce37e4 View commit details
    Browse the repository at this point in the history

Commits on Jul 23, 2021

  1. readme: fix badges 

    Fixes #797, Fixes #798
    @BurntSushi
    BurntSushi committed Jul 23, 2021
    Configuration menu
    Copy the full SHA
    bd0a142 View commit details
    Browse the repository at this point in the history

  2. fuzz: try to fix build issue 

    Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36474
See: https://oss-fuzz-build-logs.storage.googleapis.com/log-fe51f615-a13f-4685-b8d8-de4583da1ebd.txt
    @BurntSushi
    BurntSushi committed Jul 23, 2021
    Configuration menu
    Copy the full SHA
    bd74660 View commit details
    Browse the repository at this point in the history

  3. readme: remove broken badge 

    This was missed in bd0a142.

Fixes #797 (again)
    @atouchet
    atouchet authored Jul 23, 2021
    Configuration menu
    Copy the full SHA
    d6bc7a4 View commit details
    Browse the repository at this point in the history

Commits on Nov 2, 2021

  1. syntax/doc: fix 'their' typo

    @isker
    isker authored Nov 2, 2021
    Configuration menu
    Copy the full SHA
    63ee669 View commit details
    Browse the repository at this point in the history

Commits on Nov 15, 2021

  1. doc: fix typo 

    PR #814
    @autarch
    autarch authored Nov 15, 2021
    Configuration menu
    Copy the full SHA
    3662851 View commit details
    Browse the repository at this point in the history

Commits on Nov 17, 2021

  1. fuzz: do not use inherits in Cargo.toml 

    This fixes the oss-fuzz build.

Specifically, the build log[1] showed this error:

    Step #3 - "compile-libfuzzer-address-x86_64": error: inherits must
    not be specified in root profile dev

So we just remove it and inline the settings.

PR #817

[1] - https://oss-fuzz-build-logs.storage.googleapis.com/log-c9b61873-8950-4a50-a729-820d5617ff7a.txt
    @catenacyber
    catenacyber authored Nov 17, 2021
    Configuration menu
    Copy the full SHA
    5197f21 View commit details
    Browse the repository at this point in the history

Commits on Feb 25, 2022

  1. syntax: fix 'unused' warnings 

    It looks like the dead code detector got smarter. We never ended up
using the 'printer' field in these visitors, so just get rid of it.
    @BurntSushi
    BurntSushi committed Feb 25, 2022
    Configuration menu
    Copy the full SHA
    f6e52da View commit details
    Browse the repository at this point in the history

Commits on Mar 3, 2022

  1. cargo: use SPDX license format 

    We were previously using '/' to indicate the dual licensing
scheme, but I guess we're now supposed to use 'OR'.

PR #843
    @atouchet
    atouchet authored Mar 3, 2022
    Configuration menu
    Copy the full SHA
    b92ffd5 View commit details
    Browse the repository at this point in the history

  2. security: fix denial-of-service bug in compiler 

    The regex compiler will happily attempt to compile '(?:){294967295}' by
compiling the empty sub-expression 294,967,295 times. Empty
sub-expressions don't use any memory in the current implementation, so
this doesn't trigger the pre-existing machinery for stopping compilation
early if the regex object gets too big. The end result is that while
compilation will eventually succeed, it takes a very long time to do so.

In this commit, we fix this problem by adding a fake amount of memory
every time we compile an empty sub-expression. It turns out we were
already tracking an additional amount of indirect heap usage via
'extra_inst_bytes' in the compiler, so we just make it look like
compiling an empty sub-expression actually adds an additional 'Inst' to
the compiled regex object.

This has the effect of causing the regex compiler to reject this sort of
regex in a reasonable amount of time by default.

Many thanks to @VTCAKAVSMoACE for reporting this, providing the valuable
test cases and continuing to test this patch as it was developed.

Fixes GHSA-m5pq-gvj9-9vr8
    @BurntSushi
    BurntSushi committed Mar 3, 2022
    Configuration menu
    Copy the full SHA
    ae70b41 View commit details
    Browse the repository at this point in the history

Commits on Mar 8, 2022

  1. 1.5.5

    @BurntSushi
    BurntSushi committed Mar 8, 2022
    Configuration menu
    Copy the full SHA
    d130381 View commit details
    Browse the repository at this point in the history
Loading