Fix panics parsing regex with whitespace in extended mode

[robinst]

The added tests fail without the fix like this:

---- parser::tests::ignore_space_escape_hex2 stdout ----
	thread 'parser::tests::ignore_space_escape_hex2' panicked at 'called `Result::unwrap()` on an `Err` value: Error { pos: 10, surround: "x 5 3", kind: InvalidBase16(" 5 3") }', src/libcore/result.rs:860

---- parser::tests::ignore_space_escape_hex stdout ----
	thread 'parser::tests::ignore_space_escape_hex' panicked at 'called `Result::unwrap()` on an `Err` value: Error { pos: 12, surround: "{ 5 3 }", kind: InvalidBase16(" 5 3") }', src/libcore/result.rs:860

---- parser::tests::ignore_space_ascii_classes stdout ----
	thread 'parser::tests::ignore_space_ascii_classes' panicked at 'called `Result::unwrap()` on an `Err` value: Error { pos: 5, surround: "(?x)[ [ : ", kind: UnsupportedClassChar('[') }', src/libcore/result.rs:860
note: Run with `RUST_BACKTRACE=1` for a backtrace.

---- parser::tests::ignore_space_escape_octal stdout ----
	thread 'parser::tests::ignore_space_escape_octal' panicked at 'valid octal number', src/libcore/option.rs:785

---- parser::tests::ignore_space_escape_unicode_name stdout ----
	thread 'parser::tests::ignore_space_escape_unicode_name' panicked at 'called `Result::unwrap()` on an `Err` value: Error { pos: 15, surround: "Y i }", kind: UnrecognizedUnicodeClass(" Y i") }', src/libcore/result.rs:860

---- parser::tests::ignore_space_repeat_counted stdout ----
	thread 'parser::tests::ignore_space_repeat_counted' panicked at 'called `Result::unwrap()` on an `Err` value: Error { pos: 15, surround: ", 1 0 }", kind: InvalidBase10("1 0") }', src/libcore/result.rs:860

The reason for the panics is that bump_get would ignore space when
walking the characters, but then keep the spaces in the returned String.

Found using cargo-fuzz.

[robinst]

The fuzz script is here (not sure if you would want to merge that or not): master...robinst:add-cargo-fuzz-script

You can run it using cargo install cargo-fuzz && cargo fuzz run fuzzer_script_parse.

The artifact that it returned was this: m:(?xxxxxxxxxxxxxms)mmm\x00\x01\x00.\x00+@-\x00\x0a\x00\x10\x10\x10\x10\x10\x10\x10\x10'\x10\x02[--\x0a[\x00\x00$\\\x0a3\x03[\x00:6\x03D\x00. Reduced that and added tests for other cases.

[robinst]

Seems a bit weird that it's allowed to add space between digits of a number, but that seems to be the closest to the current behavior.

[BurntSushi]

@robinst Thanks for finding this! Sorry it slipped out of my queue, but your blog post caught my attention. :-) Nice work!

I'm not sure the fix is right either. Does this also apply to thinks like \p{G r e ek}? We should probably look at how other regex engines handle verbose mode.

[robinst]

I'm not sure the fix is right either. Does this also apply to thinks like \p{G r e ek}?

Yes, and things like [ [ : u p p e r : ] ], see the test cases. I'm not sure about it either.

Maybe whitespace should only be allowed between logical groups of characters. For example, it should not be allowed within a number or within a text identifier. Here's what other engines do:

Oniguruma: (?x) \ x53, (?x) \x 53, (?x) \x5 3 all compile but don't match S

Perl behaves the same way, checked with perl -e 'print "matches" if "S" =~ /(?x) \ x53/'

So at least for \x they don't seem to allow any space in the whole sequence. Even \ d doesn't match a digit, whereas regex-syntax does.

[BurntSushi]

Thinking about this a bit more, it feels like we shouldn't allow arbitrary whitespace in arbitrary syntax. Maybe things like \p{G r e e k} should produce a syntax error?

[robinst]

Thinking about this a bit more, it feels like we shouldn't allow arbitrary whitespace in arbitrary syntax.

Agreed. I've prepared a different pull request here: #354

[BurntSushi]

I decided to go with #354 over this one. Thanks so much!