Fix UB - signed integer overflow in regex. Thanks to Tim Shen for the patch. Reviewed as https://reviews.llvm.org/D39066

llvm-svn: 316172

libcxx/include/regex

@@ -4064,6 +4064,8 @@ basic_regex<_CharT, _Traits>::__parse_DUP_COUNT(_ForwardIterator __first,
                  __first != __last && ( __val = __traits_.value(*__first, 10)) != -1;
                  ++__first)
             {
+                if (__c >= std::numeric_limits<int>::max() / 10)
+                    __throw_regex_error<regex_constants::error_badbrace>();
                 __c *= 10;
                 __c += __val;
             }

libcxx/test/std/re/re.grammar/excessive_brace_count.pass.cpp

@@ -0,0 +1,40 @@
+//===----------------------------------------------------------------------===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is dual licensed under the MIT and the University of Illinois Open
+// Source Licenses. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+// <regex>
+// UNSUPPORTED: libcpp-no-exceptions
+// UNSUPPORTED: c++03
+
+// the "n" in `a{n}` should be within the numeric limits.
+
+#include <regex>
+#include <cassert>
+
+int main() {
+  for (std::regex_constants::syntax_option_type op :
+       {std::regex::basic, std::regex::grep}) {
+    try {
+      (void)std::regex("a\\{100000000000000000\\}", op);
+      assert(false);
+    } catch (const std::regex_error &e) {
+      assert(e.code() == std::regex_constants::error_badbrace);
+    }
+  }
+  for (std::regex_constants::syntax_option_type op :
+       {std::regex::ECMAScript, std::regex::extended, std::regex::egrep,
+        std::regex::awk}) {
+    try {
+      (void)std::regex("a{100000000000000000}", op);
+      assert(false);
+    } catch (const std::regex_error &e) {
+      assert(e.code() == std::regex_constants::error_badbrace);
+    }
+  }
+  return 0;
+}