libexpr: Fix prim_replaceStrings() to work on an empty source string
Otherwise, running e.g.
nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"'
would just hang in an infinite loop.
Found by afl-fuzz.
A first attempt at this was reverted in e2d71bd186 because it caused another infinite loop; that is fixed now, and a test has been added.
parent
24ec750003
commit
77e9e1ed91
|
@ -1913,21 +1913,32 @@ static void prim_replaceStrings(EvalState & state, const Pos & pos, Value * * ar
|
|||
auto s = state.forceString(*args[2], context, pos);
|
||||
|
||||
string res;
|
||||
for (size_t p = 0; p < s.size(); ) {
|
||||
// Loops one past last character to handle the case where 'from' contains an empty string.
|
||||
for (size_t p = 0; p <= s.size(); ) {
|
||||
bool found = false;
|
||||
auto i = from.begin();
|
||||
auto j = to.begin();
|
||||
for (; i != from.end(); ++i, ++j)
|
||||
if (s.compare(p, i->size(), *i) == 0) {
|
||||
found = true;
|
||||
p += i->size();
|
||||
res += j->first;
|
||||
if (i->empty()) {
|
||||
if (p < s.size())
|
||||
res += s[p];
|
||||
p++;
|
||||
} else {
|
||||
p += i->size();
|
||||
}
|
||||
for (auto& path : j->second)
|
||||
context.insert(path);
|
||||
j->second.clear();
|
||||
break;
|
||||
}
|
||||
if (!found) res += s[p++];
|
||||
if (!found) {
|
||||
if (p < s.size())
|
||||
res += s[p];
|
||||
p++;
|
||||
}
|
||||
}
|
||||
|
||||
mkString(v, res, context);
|
||||
|
|
|
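Review bot: The bounds-guarded step `if (p < s.size()) res += s[p]; p++;` is now written twice, once in the `i->empty()` branch and once in the `!found` branch, and the two copies have to stay identical for the loop to terminate and to stay in range. With the outer bound changed to `p <= s.size()`, that guard is the only thing stopping `s[p]` from being read at the one-past-the-end position, so it deserves a single home. One way is to advance with `p += i->size();` unconditionally in the match branch and do the single-character step once after the inner loop: `if (!found || i->empty()) { if (p < s.size()) res += s[p]; p++; }` (the short-circuit keeps `i` from being dereferenced when nothing matched). The body of prim_replaceStrings starts and ends outside this hunk, so the `from`/`to` length check that `++i, ++j` relies on is not visible here.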
@ -1 +1 @@
|
|||
[ "faabar" "fbar" "fubar" "faboor" "fubar" ]
|
||||
[ "faabar" "fbar" "fubar" "faboor" "fubar" "XaXbXcX" "X" "a_b" ]
|
||||
|
|
|
@ -5,4 +5,7 @@ with builtins;
|
|||
(replaceStrings ["oo"] ["u"] "foobar")
|
||||
(replaceStrings ["oo" "a"] ["a" "oo"] "foobar")
|
||||
(replaceStrings ["oo" "oo"] ["u" "i"] "foobar")
|
||||
(replaceStrings [""] ["X"] "abc")
|
||||
(replaceStrings [""] ["X"] "")
|
||||
(replaceStrings ["-"] ["_"] "a-b")
|
||||
]
|
||||
|
|
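Review bot: The added cases exercise the empty pattern only when it is the sole entry in `from`; none puts `""` in the same list as a non-empty pattern, which is where the first-match-wins scan and the extra iteration at the end of the string interact. Since the first attempt at this fix was reverted for a second hang, a mixed case is worth pinning, e.g. `(replaceStrings ["b" ""] ["Y" "X"] "abc")`. Tracing the new loop by hand, that should evaluate to "XaYXcX" (constructed example, confirm against the evaluator), and it needs a matching entry in the expected-output file.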