| Index: source/i18n/rematch.cpp |
| =================================================================== |
| --- source/i18n/rematch.cpp (revision 98343) |
| +++ source/i18n/rematch.cpp (working copy) |
| @@ -5598,6 +5598,7 @@ |
| const UChar *foldChars = NULL; |
| int32_t foldOffset, foldLength; |
| UChar32 c; |
| + UBool c_is_valid = FALSE; |
| |
| #ifdef REGEX_SMART_BACKTRACKING |
| int32_t originalInputIdx = fp->fInputIdx; |
| @@ -5607,23 +5608,31 @@ |
| foldOffset = foldLength = 0; |
| |
| while (patternChars < patternEnd && success) { |
| - if(foldOffset < foldLength) { |
| - U16_NEXT_UNSAFE(foldChars, foldOffset, c); |
| - } else { |
| - U16_NEXT(inputBuf, fp->fInputIdx, fActiveLimit, c); |
| - foldLength = ucase_toFullFolding(csp, c, &foldChars, U_FOLD_CASE_DEFAULT); |
| - if(foldLength >= 0) { |
| - if(foldLength <= UCASE_MAX_STRING_LENGTH) { // !!!: Does not correctly handle chars that fold to 0-length strings |
| - foldOffset = 0; |
| - U16_NEXT_UNSAFE(foldChars, foldOffset, c); |
| - } else { |
| - c = foldLength; |
| - foldLength = foldOffset; // to avoid reading chars from the folding buffer |
| + if (fp->fInputIdx < fActiveLimit) { // don't read past end of string |
| + if(foldOffset < foldLength) { |
| + U16_NEXT_UNSAFE(foldChars, foldOffset, c); |
| + c_is_valid = TRUE; |
| + } else { |
| + // test pre-condition of U16_NEXT: i < length |
| + U_ASSERT(fp->fInputIdx < fActiveLimit); |
| + U16_NEXT(inputBuf, fp->fInputIdx, fActiveLimit, c); |
| + c_is_valid = TRUE; |
| + foldLength = ucase_toFullFolding(csp, c, &foldChars, U_FOLD_CASE_DEFAULT); |
| + if(foldLength >= 0) { |
| + if(foldLength <= UCASE_MAX_STRING_LENGTH) { // !!!: Does not correctly handle chars that fold to 0-length strings |
| + foldOffset = 0; |
| + U16_NEXT_UNSAFE(foldChars, foldOffset, c); |
| + } else { |
| + c = foldLength; |
| + foldLength = foldOffset; // to avoid reading chars from the folding buffer |
| + } |
| } |
| } |
| + } else { |
| + c_is_valid = FALSE; |
| } |
| |
| - if (fp->fInputIdx <= fActiveLimit) { |
| + if (fp->fInputIdx <= fActiveLimit && c_is_valid) { |
| if (U_IS_BMP(c)) { |
| success = (*patternChars == c); |
| patternChars += 1; |
| @@ -6070,4 +6079,3 @@ |
| U_NAMESPACE_END |
| |
| #endif // !UCONFIG_NO_REGULAR_EXPRESSIONS |
| - |