Skip to content

Commit 2e7e8c4

Browse files
committed
Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
1 parent eb39c43 commit 2e7e8c4

File tree

8 files changed

+14
-12
lines changed

8 files changed

+14
-12
lines changed

Diff for: CHANGES

+4-1
Original file line numberDiff line numberDiff line change
@@ -38,8 +38,11 @@ Version 2.7.4
3838
- Limit recursion with nesting Ruby heredocs (#1638)
3939
- Fix a few inefficient regexes for guessing lexers
4040
- Fix the raw token lexer handling of Unicode (#1616)
41-
- Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!
41+
- Revert a private API change in the HTML formatter (#1655) --
42+
please note that private APIs remain subject to change!
4243
- Add Dracula theme style (#1636)
44+
- Fix several exponential/cubic-complexity regexes found by
45+
Ben Caller/Doyensec (#1675)
4346

4447
Thanks to Google's OSS-Fuzz project for finding many of these bugs.
4548

Diff for: pygments/lexers/archetype.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ class AtomsLexer(RegexLexer):
5858
(r'P((\d*(\.\d+)?[YyMmWwDd]){1,3}(T(\d*(\.\d+)?[HhMmSs]){,3})?|'
5959
r'T(\d*(\.\d+)?[HhMmSs]){,3})', Literal.Date),
6060
(r'[+-]?(\d+\.\d*|\.\d+|\d+)[eE][+-]?\d+', Number.Float),
61-
(r'[+-]?(\d+)*\.\d+%?', Number.Float),
61+
(r'[+-]?\d*\.\d+%?', Number.Float),
6262
(r'0x[0-9a-fA-F]+', Number.Hex),
6363
(r'[+-]?\d+%?', Number.Integer),
6464
],

Diff for: pygments/lexers/factor.py

+2-2
Original file line numberDiff line numberDiff line change
@@ -265,7 +265,7 @@ class FactorLexer(RegexLexer):
265265
(r'(?:<PRIVATE|PRIVATE>)\s', Keyword.Namespace),
266266

267267
# strings
268-
(r'"""\s+(?:.|\n)*?\s+"""', String),
268+
(r'"""\s(?:.|\n)*?\s"""', String),
269269
(r'"(?:\\\\|\\"|[^"])*"', String),
270270
(r'\S+"\s+(?:\\\\|\\"|[^"])*"', String),
271271
(r'CHAR:\s+(?:\\[\\abfnrstv]|[^\\]\S*)\s', String.Char),
@@ -322,7 +322,7 @@ class FactorLexer(RegexLexer):
322322
'slots': [
323323
(r'\s+', Text),
324324
(r';\s', Keyword, '#pop'),
325-
(r'(\{\s+)(\S+)(\s+[^}]+\s+\}\s)',
325+
(r'(\{\s+)(\S+)(\s[^}]+\s\}\s)',
326326
bygroups(Text, Name.Variable, Text)),
327327
(r'\S+', Name.Variable),
328328
],

Diff for: pygments/lexers/jvm.py

-1
Original file line numberDiff line numberDiff line change
@@ -981,7 +981,6 @@ class CeylonLexer(RegexLexer):
981981
(r'(import)(\s+)', bygroups(Keyword.Namespace, Text), 'import'),
982982
(r'"(\\\\|\\[^\\]|[^"\\])*"', String),
983983
(r"'\\.'|'[^\\]'|'\\\{#[0-9a-fA-F]{4}\}'", String.Char),
984-
(r'".*``.*``.*"', String.Interpol),
985984
(r'(\.)([a-z_]\w*)',
986985
bygroups(Operator, Name.Attribute)),
987986
(r'[a-zA-Z_]\w*:', Name.Label),

Diff for: pygments/lexers/matlab.py

+3-3
Original file line numberDiff line numberDiff line change
@@ -137,7 +137,7 @@ class MatlabLexer(RegexLexer):
137137
(r'.', Comment.Multiline),
138138
],
139139
'deffunc': [
140-
(r'(\s*)(?:(.+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
140+
(r'(\s*)(?:(\S+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
141141
bygroups(Whitespace, Text, Whitespace, Punctuation,
142142
Whitespace, Name.Function, Punctuation, Text,
143143
Punctuation, Whitespace), '#pop'),
@@ -638,7 +638,7 @@ class OctaveLexer(RegexLexer):
638638
(r"[^']*'", String, '#pop'),
639639
],
640640
'deffunc': [
641-
(r'(\s*)(?:(.+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
641+
(r'(\s*)(?:(\S+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
642642
bygroups(Whitespace, Text, Whitespace, Punctuation,
643643
Whitespace, Name.Function, Punctuation, Text,
644644
Punctuation, Whitespace), '#pop'),
@@ -710,7 +710,7 @@ class ScilabLexer(RegexLexer):
710710
(r'.', String, '#pop'),
711711
],
712712
'deffunc': [
713-
(r'(\s*)(?:(.+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
713+
(r'(\s*)(?:(\S+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
714714
bygroups(Whitespace, Text, Whitespace, Punctuation,
715715
Whitespace, Name.Function, Punctuation, Text,
716716
Punctuation, Whitespace), '#pop'),

Diff for: pygments/lexers/objective.py

+2-2
Original file line numberDiff line numberDiff line change
@@ -261,11 +261,11 @@ class LogosLexer(ObjectiveCppLexer):
261261
'logos_classname'),
262262
(r'(%hook|%group)(\s+)([a-zA-Z$_][\w$]+)',
263263
bygroups(Keyword, Text, Name.Class)),
264-
(r'(%config)(\s*\(\s*)(\w+)(\s*=\s*)(.*?)(\s*\)\s*)',
264+
(r'(%config)(\s*\(\s*)(\w+)(\s*=)(.*?)(\)\s*)',
265265
bygroups(Keyword, Text, Name.Variable, Text, String, Text)),
266266
(r'(%ctor)(\s*)(\{)', bygroups(Keyword, Text, Punctuation),
267267
'function'),
268-
(r'(%new)(\s*)(\()(\s*.*?\s*)(\))',
268+
(r'(%new)(\s*)(\()(.*?)(\))',
269269
bygroups(Keyword, Text, Keyword, String, Keyword)),
270270
(r'(\s*)(%end)(\s*)', bygroups(Text, Keyword, Text)),
271271
inherit,

Diff for: pygments/lexers/templates.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -1405,7 +1405,7 @@ class EvoqueLexer(RegexLexer):
14051405
# see doc for handling first name arg: /directives/evoque/
14061406
# + minor inconsistency: the "name" in e.g. $overlay{name=site_base}
14071407
# should be using(PythonLexer), not passed out as String
1408-
(r'(\$)(evoque|overlay)(\{(%)?)(\s*[#\w\-"\'.]+[^=,%}]+?)?'
1408+
(r'(\$)(evoque|overlay)(\{(%)?)(\s*[#\w\-"\'.]+)?'
14091409
r'(.*?)((?(4)%)\})',
14101410
bygroups(Punctuation, Name.Builtin, Punctuation, None,
14111411
String, using(PythonLexer), Punctuation)),

Diff for: pygments/lexers/varnish.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ def analyse_text(text):
6161
bygroups(Name.Attribute, Operator, Name.Variable.Global, Punctuation)),
6262
(r'(\.probe)(\s*=\s*)(\{)',
6363
bygroups(Name.Attribute, Operator, Punctuation), 'probe'),
64-
(r'(\.\w+\b)(\s*=\s*)([^;]*)(\s*;)',
64+
(r'(\.\w+\b)(\s*=\s*)([^;\s]*)(\s*;)',
6565
bygroups(Name.Attribute, Operator, using(this), Punctuation)),
6666
(r'\{', Punctuation, '#push'),
6767
(r'\}', Punctuation, '#pop'),

0 commit comments

Comments
 (0)