From db6f38bc1b73930f1da954525464cf1986f43a28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?=
Date: Fri, 29 Apr 2022 15:21:04 +0200
Subject: New upstream version 6.9.8
---
 harnesses/base.c | 45 +++++++++++++++++++++++++++++++++++---------
 harnesses/libfuzzer-onig.cpp | 2 +-
 2 files changed, 37 insertions(+), 10 deletions(-)
(limited to 'harnesses')
diff --git a/harnesses/base.c b/harnesses/base.c
index 70f98f7..78a157a 100644
--- a/harnesses/base.c
+++ b/harnesses/base.c
@@ -148,6 +148,8 @@ dump_data(FILE* fp, unsigned char* data, int len)
 if (isprint((int )c)) {
 if (c == '\\')
 fprintf(fp, " '\\\\'");
+ else if (c == '\'')
+ fprintf(fp, " '\\''");
 else
 fprintf(fp, " '%c'", c);
 }
@@ -199,6 +201,38 @@ each_match_callback_func(const UChar* str, const UChar* end,
 return ONIG_NORMAL;
 }
+static unsigned int calc_retry_limit(sl, len)
+{
+ unsigned int r;
+ unsigned int upper;
+ int heavy;
+
+ heavy = sl >> 8;
+ sl &= 0xff;
+ sl += heavy;
+
+ upper = BASE_RETRY_LIMIT;
+ if (sl == 2) {
+ upper = SLOW_RETRY_LIMIT;
+ }
+ else if (sl > 2) {
+ upper = SLOW_RETRY_LIMIT * 3 / sl;
+ if (upper <= 10) upper = 10;
+ }
+
+ if (len < BASE_LENGTH) {
+ r = BASE_RETRY_LIMIT;
+ }
+ else {
+ r = BASE_RETRY_LIMIT * BASE_LENGTH / len;
+ }
+
+ if (r > upper)
+ r = upper;
+
+ return r;
+}
+
 static int
 search(regex_t* reg, unsigned char* str, unsigned char* end, OnigOptionType options, int backward, int sl)
 {
@@ -211,14 +245,7 @@ search(regex_t* reg, unsigned char* str, unsigned char* end, OnigOptionType opti
 region = onig_region_new();
 len = (size_t )(end - str);
- if (len < BASE_LENGTH) {
- if (sl >= 2)
- retry_limit = (unsigned int )SLOW_RETRY_LIMIT;
- else
- retry_limit = (unsigned int )BASE_RETRY_LIMIT;
- }
- else
- retry_limit = (unsigned int )(BASE_RETRY_LIMIT * BASE_LENGTH / len);
+ retry_limit = calc_retry_limit(sl, len);
 #ifdef STANDALONE
 fprintf(stdout, "retry limit: %u\n", retry_limit);
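Review bot: calc_retry_limit is defined with an old-style parameter list, `static unsigned int calc_retry_limit(sl, len)`, so both parameters silently default to `int` and the call in the third hunk, `retry_limit = calc_retry_limit(sl, len);`, passes a `size_t` (`len = (size_t )(end - str);`) to an unprototyped `int` parameter — an argument/parameter mismatch without a prototype is undefined behaviour, and implicit-int parameter lists have been invalid since C99. Declare the types, `static unsigned int calc_retry_limit(int sl, size_t len)`, so the `BASE_RETRY_LIMIT * BASE_LENGTH / len` division happens in the width the caller computes `len` in. The packing of `sl` that this function decodes (`heavy = sl >> 8; sl &= 0xff;`) is only explained by a comment in a later hunk of the same file, so a line above `heavy = sl >> 8;` such as `/* sl: bits above 8 flag heavy elements, low byte is the slow level */` would document it where it is consumed. If the library's retry-limit setter treats 0 as "no limit" (I cannot confirm that from this hunk), note that `r` can still fall to 0 for very long inputs since the long-input branch has no floor like the `upper <= 10` clamp above it.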
@@ -376,7 +403,7 @@ alloc_exec(OnigEncoding enc, OnigOptionType options, OnigSyntaxType* syntax,
 fprintf(stdout, "sl: %d\n", sl);
 #endif
 if (sl > 0) {
- if (sl >= 100) {
+ if (sl >= 256) { // 256: exists heavy element
 if (rem_size > MAX_SLOW_REM_SIZE2)
 rem_size = MAX_SLOW_REM_SIZE2;
 }
diff --git a/harnesses/libfuzzer-onig.cpp b/harnesses/libfuzzer-onig.cpp
index 526c826..52a6848 100644
--- a/harnesses/libfuzzer-onig.cpp
+++ b/harnesses/libfuzzer-onig.cpp
@@ -29,9 +29,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t * Data, size_t Size)
 #ifdef FULL_TEST
 onig_initialize(&enc, 1);
+#endif
 onig_set_retry_limit_in_match(120);
 onig_set_parse_depth_limit(120);
-#endif
 if (onig_new(®, Data, Data + Size, ONIG_OPTION_DEFAULT, enc, ONIG_SYNTAX_DEFAULT, 0) == 0)
-- cgit v1.2.3
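Review bot: The threshold in `if (sl >= 256) { // 256: exists heavy element` and the `sl >> 8` / `sl &= 0xff` decoding in calc_retry_limit earlier in this patch are the same encoding of `sl` written twice as bare magic numbers, so a later change to the bit layout would have to find both by hand. A single named constant, e.g. `#define SL_HEAVY_ELEMENT 256 /* bit 8 of sl set: pattern contains a heavy element */`, used as `if (sl >= SL_HEAVY_ELEMENT) {` here and as the shift/mask basis in calc_retry_limit would tie them together. The enclosing alloc_exec body begins and ends outside this hunk.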
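Review bot: Moving `#endif` above `onig_set_retry_limit_in_match(120);` makes the retry and parse-depth limits apply to every build of the harness rather than only FULL_TEST, but nothing in the hunk says so, and a reader may take the relocated `#endif` for a misplaced edit; a comment on the line after `#endif`, `// Always bound backtracking and parser recursion so one input cannot stall the fuzzer.`, would record the intent. These two calls set process-global limits and now run on every input; if the harness defines an LLVMFuzzerInitialize, applying them once there would be the more usual place, though I cannot see from this hunk whether one exists. The body of LLVMFuzzerTestOneInput continues outside the hunk.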