Implement pcre2_set_max_pattern_compiled_length() and set this limit in the fuzzer

Author: PhilipHazel

ChangeLog

@@ -29,6 +29,8 @@ example pattern is: /(((?<=123?456456|ABC)))(?<=\2)/
 
    (e) General code tidies.
 
+   (f) Limit the size of compiled patterns to 10MB (see 6 below).
+
 3. Increase the maximum length of a name for a group from 32 to 128 because
 there is a user for whom 32 is too small.
 
@@ -38,6 +40,9 @@ return if either jitverify or info is specified/
 5. Some auxiliary files for building under OpenVMS that were contributed by
 Alexey Chupahin have been installed.
 
+6. Added pcre2_set_max_pattern_compiled_length() to limit the size of compiled
+patterns.
+
 
 Version 10.43 16-February-2024
 ------------------------------

Makefile.am

@@ -82,6 +82,7 @@ dist_html_DATA = \
   doc/html/pcre2_set_glob_separator.html \
   doc/html/pcre2_set_heap_limit.html \
   doc/html/pcre2_set_match_limit.html \
+  doc/html/pcre2_set_max_pattern_compiled_length.html \
   doc/html/pcre2_set_max_pattern_length.html \
   doc/html/pcre2_set_max_varlookbehind.html \
   doc/html/pcre2_set_offset_limit.html \
@@ -180,6 +181,7 @@ dist_man_MANS = \
   doc/pcre2_set_glob_separator.3 \
   doc/pcre2_set_heap_limit.3 \
   doc/pcre2_set_match_limit.3 \
+  doc/pcre2_set_max_pattern_compiled_length.3 \
   doc/pcre2_set_max_pattern_length.3 \
   doc/pcre2_set_max_varlookbehind.3 \
   doc/pcre2_set_offset_limit.3 \

doc/html/index.html

@@ -252,8 +252,11 @@ <h1>Perl-compatible Regular Expressions (revised API: PCRE2)</h1>
 <tr><td><a href="pcre2_set_match_limit.html">pcre2_set_match_limit</a></td>
     <td>&nbsp;&nbsp;Set the match limit</td></tr>
 
+<tr><td><a href="pcre2_set_max_pattern_compiled_length.html">pcre2_set_max_pattern_compiled_length</a></td>
+    <td>&nbsp;&nbsp;Set the maximum length of a compiled pattern</td></tr>
+
 <tr><td><a href="pcre2_set_max_pattern_length.html">pcre2_set_max_pattern_length</a></td>
-    <td>&nbsp;&nbsp;Set the maximum length of pattern</td></tr>
+    <td>&nbsp;&nbsp;Set the maximum length of a pattern</td></tr>
 
 <tr><td><a href="pcre2_set_max_varlookbehind.html">pcre2_set_max_varlookbehind</a></td>
     <td>&nbsp;&nbsp;Set the maximum match length for a variable-length lookbehind</td></tr>

doc/html/pcre2_set_max_pattern_compiled_length.html

@@ -0,0 +1,44 @@
+<html>
+<head>
+<title>pcre2_set_max_pattern_compiled_length specification</title>
+</head>
+<body bgcolor="#FFFFFF" text="#00005A" link="#0066FF" alink="#3399FF" vlink="#2222BB">
+<h1>pcre2_set_max_pattern_compiled_length man page</h1>
+<p>
+Return to the <a href="index.html">PCRE2 index page</a>.
+</p>
+<p>
+This page is part of the PCRE2 HTML documentation. It was generated
+automatically from the original man page. If there is any nonsense in it,
+please consult the man page, in case the conversion went wrong.
+<br>
+<br><b>
+SYNOPSIS
+</b><br>
+<P>
+<b>#include &#60;pcre2.h&#62;</b>
+</P>
+<P>
+<b>int pcre2_set_max_pattern_compiled_length(</b>
+<b>  pcre2_compile_context *<i>ccontext</i>, PCRE2_SIZE <i>value</i>);</b>
+</P>
+<br><b>
+DESCRIPTION
+</b><br>
+<P>
+This function sets, in a compile context, the maximum size (in bytes) for the
+memory needed to hold the compiled version of a pattern that is compiled with
+this context. The result is always zero. If a pattern that is passed to
+<b>pcre2_compile()</b> with this context needs more memory, an error is
+generated. The default is the largest number that a PCRE2_SIZE variable can
+hold, which is effectively unlimited.
+</P>
+<P>
+There is a complete description of the PCRE2 native API in the
+<a href="pcre2api.html"><b>pcre2api</b></a>
+page and a description of the POSIX API in the
+<a href="pcre2posix.html"><b>pcre2posix</b></a>
+page.
+<p>
+Return to the <a href="index.html">PCRE2 index page</a>.
+</p>

doc/html/pcre2api.html

@@ -161,6 +161,10 @@ <h1>pcre2api man page</h1>
 <b>  PCRE2_SIZE <i>value</i>);</b>
 <br>
 <br>
+<b>int pcre2_set_max_pattern_compiled_length(</b>
+<b>  pcre2_compile_context *<i>ccontext</i>, PCRE2_SIZE <i>value</i>);</b>
+<br>
+<br>
 <b>int pcre2_set_max_varlookbehind(pcre2_compile_contest *<i>ccontext</i>,</b>
 <b>"  uint32_t <i>value</i>);</b>
 <br>
@@ -874,6 +878,18 @@ <h1>pcre2api man page</h1>
 PCRE2_SIZE variable can hold, which is effectively unlimited.
 <br>
 <br>
+<b>int pcre2_set_max_pattern_compiled_length(</b>
+<b>  pcre2_compile_context *<i>ccontext</i>, PCRE2_SIZE <i>value</i>);</b>
+<br>
+<br>
+This sets a maximum size, in bytes, for the memory needed to hold the compiled
+version of a pattern that is compiled with this context. If the pattern needs
+more memory, an error is generated. This facility is provided so that
+applications that accept patterns from external sources can limit the amount of
+memory they use. The default is the largest number that a PCRE2_SIZE variable
+can hold, which is effectively unlimited.
+<br>
+<br>
 <b>int pcre2_set_max_varlookbehind(pcre2_compile_contest *<i>ccontext</i>,</b>
 <b>"  uint32_t <i>value</i>);</b>
 <br>
@@ -4161,7 +4177,7 @@ <h1>pcre2api man page</h1>
 </P>
 <br><a name="SEC43" href="#TOC1">REVISION</a><br>
 <P>
-Last updated: 27 January 2024
+Last updated: 24 April 2024
 <br>
 Copyright &copy; 1997-2024 University of Cambridge.
 <br>

doc/html/pcre2test.html

@@ -696,7 +696,9 @@ <h1>pcre2test man page</h1>
       jitfast                   use JIT fast path
       jitverify                 verify JIT use
       locale=&#60;name&#62;             use this locale
-      max_pattern_length=&#60;n&#62;    set maximum pattern length
+      max_pattern_compiled      ) set maximum compiled pattern
+                 _length=&#60;n&#62;    )   length (bytes)
+      max_pattern_length=&#60;n&#62;    set maximum pattern length (code units)
       max_varlookbehind=&#60;n&#62;     set maximum variable lookbehind length
       memory                    show memory used
       newline=&#60;type&#62;            set newline type
@@ -1019,6 +1021,15 @@ <h1>pcre2test man page</h1>
 length of pattern that <b>pcre2_compile()</b> will accept. Breaching the limit
 causes a compilation error. The default is the largest number a PCRE2_SIZE
 variable can hold (essentially unlimited).
+</P>
+<br><b>
+Limiting the size of a compiled pattern
+</b><br>
+<P>
+The <b>max_pattern_compiled_length</b> modifier sets a limit, in bytes, to the
+amount of memory used by a compiled pattern. Breaching the limit causes a
+compilation error. The default is the largest number a PCRE2_SIZE variable can
+hold (essentially unlimited).
 <a name="posixwrapper"></a></P>
 <br><b>
 Using the POSIX wrapper API
@@ -2193,7 +2204,7 @@ <h1>pcre2test man page</h1>
 </P>
 <br><a name="SEC21" href="#TOC1">REVISION</a><br>
 <P>
-Last updated: 27 January 2024
+Last updated: 24 April 2024
 <br>
 Copyright &copy; 1997-2024 University of Cambridge.
 <br>

doc/index.html.src

@@ -252,8 +252,11 @@ in the library.
 <tr><td><a href="pcre2_set_match_limit.html">pcre2_set_match_limit</a></td>
     <td>&nbsp;&nbsp;Set the match limit</td></tr>
 
+<tr><td><a href="pcre2_set_max_pattern_compiled_length.html">pcre2_set_max_pattern_compiled_length</a></td>
+    <td>&nbsp;&nbsp;Set the maximum length of a compiled pattern</td></tr>
+
 <tr><td><a href="pcre2_set_max_pattern_length.html">pcre2_set_max_pattern_length</a></td>
-    <td>&nbsp;&nbsp;Set the maximum length of pattern</td></tr>
+    <td>&nbsp;&nbsp;Set the maximum length of a pattern</td></tr>
 
 <tr><td><a href="pcre2_set_max_varlookbehind.html">pcre2_set_max_varlookbehind</a></td>
     <td>&nbsp;&nbsp;Set the maximum match length for a variable-length lookbehind</td></tr>

doc/pcre2.txt

@@ -283,6 +283,9 @@ PCRE2 NATIVE API COMPILE CONTEXT FUNCTIONS
        int pcre2_set_max_pattern_length(pcre2_compile_context *ccontext,
          PCRE2_SIZE value);
 
+       int pcre2_set_max_pattern_compiled_length(
+         pcre2_compile_context *ccontext, PCRE2_SIZE value);
+
        int pcre2_set_max_varlookbehind(pcre2_compile_contest *ccontext,
          uint32_t value);
 
@@ -912,6 +915,17 @@ PCRE2 CONTEXTS
        largest number that a PCRE2_SIZE variable can  hold,  which  is  effec-
        tively unlimited.
 
+       int pcre2_set_max_pattern_compiled_length(
+         pcre2_compile_context *ccontext, PCRE2_SIZE value);
+
+       This  sets  a maximum size, in bytes, for the memory needed to hold the
+       compiled version of a pattern that is compiled with  this  context.  If
+       the  pattern needs more memory, an error is generated. This facility is
+       provided so  that  applications  that  accept  patterns  from  external
+       sources  can  limit  the  amount of memory they use. The default is the
+       largest number that a PCRE2_SIZE variable can  hold,  which  is  effec-
+       tively unlimited.
+
        int pcre2_set_max_varlookbehind(pcre2_compile_contest *ccontext,
          uint32_t value);
 
@@ -3998,11 +4012,11 @@ AUTHOR
 
 REVISION
 
-       Last updated: 27 January 2024
+       Last updated: 24 April 2024
        Copyright (c) 1997-2024 University of Cambridge.
 
 
-PCRE2 10.43                     27 January 2024                    PCRE2API(3)
+PCRE2 10.44                      24 April 2024                     PCRE2API(3)
 ------------------------------------------------------------------------------
 
 

doc/pcre2_set_max_pattern_compiled_length.3

@@ -0,0 +1,32 @@
+.TH PCRE2_SET_MAX_PATTERN_COMPILED_LENGTH 3 "24 April 2024" "PCRE2 10.44"
+.SH NAME
+PCRE2 - Perl-compatible regular expressions (revised API)
+.SH SYNOPSIS
+.rs
+.sp
+.B #include <pcre2.h>
+.PP
+.nf
+.B int pcre2_set_max_pattern_compiled_length(
+.B "  pcre2_compile_context *\fIccontext\fP, PCRE2_SIZE \fIvalue\fP);"
+.fi
+.
+.SH DESCRIPTION
+.rs
+.sp
+This function sets, in a compile context, the maximum size (in bytes) for the
+memory needed to hold the compiled version of a pattern that is compiled with
+this context. The result is always zero. If a pattern that is passed to
+\fBpcre2_compile()\fP with this context needs more memory, an error is
+generated. The default is the largest number that a PCRE2_SIZE variable can
+hold, which is effectively unlimited.
+.P
+There is a complete description of the PCRE2 native API in the
+.\" HREF
+\fBpcre2api\fP
+.\"
+page and a description of the POSIX API in the
+.\" HREF
+\fBpcre2posix\fP
+.\"
+page.

doc/pcre2api.3

@@ -1,4 +1,4 @@
-.TH PCRE2API 3 "27 January 2024" "PCRE2 10.43"
+.TH PCRE2API 3 "24 April 2024" "PCRE2 10.44"
 .SH NAME
 PCRE2 - Perl-compatible regular expressions (revised API)
 .sp
@@ -101,6 +101,9 @@ document for an overview of all the PCRE2 documentation.
 .B int pcre2_set_max_pattern_length(pcre2_compile_context *\fIccontext\fP,
 .B "  PCRE2_SIZE \fIvalue\fP);"
 .sp
+.B int pcre2_set_max_pattern_compiled_length(
+.B "  pcre2_compile_context *\fIccontext\fP, PCRE2_SIZE \fIvalue\fP);"
+.sp
 .B int pcre2_set_max_varlookbehind(pcre2_compile_contest *\fIccontext\fP,
 .B "  uint32_t \fIvalue\fP);
 .sp
@@ -805,6 +808,18 @@ external sources can limit their size. The default is the largest number that a
 PCRE2_SIZE variable can hold, which is effectively unlimited.
 .sp
 .nf
+.B int pcre2_set_max_pattern_compiled_length(
+.B "  pcre2_compile_context *\fIccontext\fP, PCRE2_SIZE \fIvalue\fP);"
+.fi
+.sp
+This sets a maximum size, in bytes, for the memory needed to hold the compiled
+version of a pattern that is compiled with this context. If the pattern needs
+more memory, an error is generated. This facility is provided so that
+applications that accept patterns from external sources can limit the amount of
+memory they use. The default is the largest number that a PCRE2_SIZE variable
+can hold, which is effectively unlimited.
+.sp
+.nf
 .B int pcre2_set_max_varlookbehind(pcre2_compile_contest *\fIccontext\fP,
 .B "  uint32_t \fIvalue\fP);
 .fi
@@ -4167,6 +4182,6 @@ Cambridge, England.
 .rs
 .sp
 .nf
-Last updated: 27 January 2024
+Last updated: 24 April 2024
 Copyright (c) 1997-2024 University of Cambridge.
 .fi

doc/pcre2demo.3

@@ -1,4 +1,4 @@
-.TH PCRE2DEMO 3 "16 April 2024" "PCRE2 10.43"
+.TH PCRE2DEMO 3 "24 April 2024" "PCRE2 10.43"
 .\"AUTOMATICALLY GENERATED BY PrepareRelease - do not EDIT!
 .SH NAME
 PCRE2DEMO - A demonstration C program for PCRE2

doc/pcre2test.1

@@ -1,4 +1,4 @@
-.TH PCRE2TEST 1 "27 January 2024" "PCRE 10.43"
+.TH PCRE2TEST 1 "24 April 2024" "PCRE 10.44"
 .SH NAME
 pcre2test - a program for testing Perl-compatible regular expressions.
 .SH SYNOPSIS
@@ -652,7 +652,9 @@ heavily used in the test files.
       jitfast                   use JIT fast path
       jitverify                 verify JIT use
       locale=<name>             use this locale
-      max_pattern_length=<n>    set maximum pattern length
+      max_pattern_compiled      ) set maximum compiled pattern
+                 _length=<n>    )   length (bytes)
+      max_pattern_length=<n>    set maximum pattern length (code units)
       max_varlookbehind=<n>     set maximum variable lookbehind length
       memory                    show memory used
       newline=<type>            set newline type
@@ -976,6 +978,15 @@ causes a compilation error. The default is the largest number a PCRE2_SIZE
 variable can hold (essentially unlimited).
 .
 .
+.SS "Limiting the size of a compiled pattern"
+.rs
+.sp
+The \fBmax_pattern_compiled_length\fP modifier sets a limit, in bytes, to the
+amount of memory used by a compiled pattern. Breaching the limit causes a
+compilation error. The default is the largest number a PCRE2_SIZE variable can
+hold (essentially unlimited).
+.
+.
 .\" HTML <a name="posixwrapper"></a>
 .SS "Using the POSIX wrapper API"
 .rs
@@ -2170,6 +2181,6 @@ Cambridge, England.
 .rs
 .sp
 .nf
-Last updated: 27 January 2024
+Last updated: 24 April 2024
 Copyright (c) 1997-2024 University of Cambridge.
 .fi