automata: fix onepass::DFA::try_search_slots panic when too many slots are given
#1330
+138
−5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BurntSushi
force-pushed
the
ag/fix-panic-too-many-slots
branch
from
afa03cc to
f03bef3
Compare
…ots are given The API specifically documents that the caller may provide *any* number of slots. But the onepass implementation was panicking when too many were provided. (I had only considered the case when too few were provided when I wrote one-pass implementation I think.) This already works for the PikeVM and the bounded backtracker. This commit adds tests covering those as well. Note that the bug report specifically cites a zero-repetition capture group as the instigator here. While that may have provided the circumstances for the bug to appear, the actual bug is more general than that. You don't need any capture groups at all to provoke it. You just need to provide more slots than there are in the compiled regex. Fixes #1327, Closes #1329
BurntSushi
force-pushed
the
ag/fix-panic-too-many-slots
branch
from
f03bef3 to
685c875
Compare
keith-hall
approved these changes
Jan 30, 2026
| // caller provided slots is bigger than the number of slots in the | ||
| // compiled regex. (It's a bit of a weird case, but for simplicity and | ||
| // flexibility reasons, it is an API guarantee that the caller can | ||
| // provided any number of slots that they want.) |
There was a problem hiding this comment.
Suggested change
| // provided any number of slots that they want.) | |
| // provide any number of slots that they want.) |
Comment on lines
+2239
to
+2251
|
|
||
| // There is an edge case when a regex has capture groups with zero | ||
| // repetition (e.g., (abc){0}), the cache may have fewer explicit | ||
| // slots than what the caller provided. | ||
| // So we copy only the slots that exist in the cache. | ||
| // let cache_slots = cache.explicit_slots(); | ||
| // let available = core::cmp::min( | ||
| // cache_slots.len(), | ||
| // slots.len().saturating_sub(self.explicit_slot_start), | ||
| // ); | ||
| // slots[self.explicit_slot_start | ||
| // ..self.explicit_slot_start + available] | ||
| // .copy_from_slice(&cache_slots[..available]); |
There was a problem hiding this comment.
probably it makes sense to remove this commented out section, the new comment covers it nicely and more accurately 🙂
Suggested change
| // There is an edge case when a regex has capture groups with zero | |
| // repetition (e.g., (abc){0}), the cache may have fewer explicit | |
| // slots than what the caller provided. | |
| // So we copy only the slots that exist in the cache. | |
| // let cache_slots = cache.explicit_slots(); | |
| // let available = core::cmp::min( | |
| // cache_slots.len(), | |
| // slots.len().saturating_sub(self.explicit_slot_start), | |
| // ); | |
| // slots[self.explicit_slot_start | |
| // ..self.explicit_slot_start + available] | |
| // .copy_from_slice(&cache_slots[..available]); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The API specifically documents that the caller may provide any number
of slots. But the onepass implementation was panicking when too many
were provided. (I had only considered the case when too few were
provided when I wrote one-pass implementation I think.)
This already works for the PikeVM and the bounded backtracker. This
commit adds tests covering those as well.
Note that the bug report specifically cites a zero-repetition capture
group as the instigator here. While that may have provided the
circumstances for the bug to appear, the actual bug is more general than
that. You don't need any capture groups at all to provoke it. You just
need to provide more slots than there are in the compiled regex.
Fixes #1327, Closes #1329