Skip to content

Fix missing bounds check for character sets in bar()#39

Open
Avlaak wants to merge 1 commit into
cesanta:masterfrom
Avlaak:fix/bar
Open

Fix missing bounds check for character sets in bar()#39
Avlaak wants to merge 1 commit into
cesanta:masterfrom
Avlaak:fix/bar

Conversation

@Avlaak

@Avlaak Avlaak commented Mar 26, 2026

Copy link
Copy Markdown

Fix missing bounds check for character sets in bar()

Summary

This change fixes a bug in bar() where a character set ([...]) could be
evaluated after the input string had already been fully consumed, producing
false positive matches.

The issue was exposed by the pattern ^(-?[0-9]+[.|,][0-9]+), which
incorrectly matched plain integer inputs such as 1 and -1.

Root cause

When bar() processed a character set ([...]), it did not verify that the
current input position was still within bounds before calling match_set().

Because of that, a pattern like [.|,] could be tested against the string
terminator after the input was exhausted, which allowed the overall expression
to produce a false positive match.

Fix

The matcher now returns SLRE_NO_MATCH if a character set is reached when the
current position is already at or beyond the end of the input string.

Tests

Added regression coverage for these inputs with
^(-?[0-9]+[.|,][0-9]+):

  • 1 -> no match
  • 1.0 -> match
  • 1,0 -> match
  • -1 -> no match
  • -1.0 -> match
  • -1,0 -> match

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Avlaak