From 550dfe79ca8c3a2ec5fbf2e34ad40fe66eb7c09f Mon Sep 17 00:00:00 2001
From: Marshall Clow
Date: Mon, 24 Aug 2015 15:57:09 +0000
Subject: [PATCH] Fix a crasher found by libFuzzer

llvm-svn: 245849
---
 libcxx/include/regex | 2 ++
 .../std/re/re.alg/re.alg.search/grep.pass.cpp | 23 +++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/libcxx/include/regex b/libcxx/include/regex
index b355bbb3ac43..b2b556e5bc47 100644
--- a/libcxx/include/regex
+++ b/libcxx/include/regex
@@ -1733,6 +1733,8 @@ template
 void
 __back_ref<_CharT>::__exec(__state& __s) const
 {
+ if (__mexp_ > __s.__sub_matches_.size())
+ __throw_regex_error();
 sub_match& __sm = __s.__sub_matches_[__mexp_-1];
 if (__sm.matched)
 {
diff --git a/libcxx/test/std/re/re.alg/re.alg.search/grep.pass.cpp b/libcxx/test/std/re/re.alg/re.alg.search/grep.pass.cpp
index 113243ecd349..fbeddd04e923 100644
--- a/libcxx/test/std/re/re.alg/re.alg.search/grep.pass.cpp
+++ b/libcxx/test/std/re/re.alg/re.alg.search/grep.pass.cpp
@@ -21,6 +21,28 @@
 #include "test_iterators.h"
+extern "C" void LLVMFuzzerTestOneInput(const char *data)
+{
+ size_t size = strlen(data);
+ if (size > 0)
+ {
+ try
+ {
+ std::regex::flag_type flag = std::regex_constants::grep;
+ std::string s((const char *)data, size);
+ std::regex re(s, flag);
+ std::regex_match(s, re);
+ }
+ catch (std::regex_error &ex) {}
+ }
+}
+
+
+void fuzz_tests() // patterns that the fuzzer has found
+{
+ LLVMFuzzerTestOneInput(R"XX(Õ)_%()()((\8'_%()_%()_%()_%(()_%()_%()_%(.t;)()¥f()_%()(.)_%;)()!¥f(((()()XX");
+}
+
 int main()
 {
 {
@@ -55,4 +77,5 @@ int main()
 assert(m.position(0) == 0);
 assert(m.str(0) == "");
 }
+ fuzz_tests();
 }
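Review bot: An out-of-range back-reference is still accepted when the pattern is compiled and is rejected only once `__back_ref<_CharT>::__exec` runs, so the error now surfaces from `regex_match`/`regex_search` rather than from the `basic_regex` constructor. Callers that build patterns from untrusted input and catch `regex_error` only around construction would see an exception on the matching path instead. The parser is outside this hunk, but comparing the reference index with the number of marked sub-expressions where the back-reference node is created would keep the failure at compile time. If the run-time guard stays as defence in depth, a comment such as `// __mexp_ is 1-based: reject references past the last sub-match before indexing __sub_matches_` would record why it is there. The body of `__exec` continues past the end of the hunk.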
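Review bot: The added regression test asserts nothing, because `LLVMFuzzerTestOneInput` swallows every `std::regex_error` in an empty handler and `fuzz_tests` only calls it; without the library fix it fails only if the out-of-bounds read happens to fault, which may need a sanitizer build. For this pattern the outcome could be pinned, for example by letting the helper report whether it threw and writing `assert(threw);` in `fuzz_tests`, or by checking `ex.code()` against the expected `std::regex_constants` value. The helper also reuses the libFuzzer entry-point name with a different parameter list and derives the length with `strlen`, so inputs containing NUL bytes are truncated; taking `(const char *data, size_t size)` would avoid both. No `#include <cstring>` is added for `strlen` in this hunk, the `(const char *)` cast is redundant, and the handler would conventionally read `catch (const std::regex_error &) {}`.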