Make SimplifyWalker::SimplifyRepeat() use Regexp::Concat().
This builds a two-level tree for very large numbers of
subexpressions. When min is greater than 65535 due to
coalescing, for example.
This bug was discovered by the LLVM fuzzer.
Change-Id: I7e21d24f6546b9d8f3a3d844e0ed5c6af246aa1e
Reviewed-on: https://code-review.googlesource.com/9890
Reviewed-by: Paul Wankadia <junyer@google.com>
diff --git a/re2/simplify.cc b/re2/simplify.cc
index 06f0386..910ebcc 100644
--- a/re2/simplify.cc
+++ b/re2/simplify.cc
@@ -589,12 +589,12 @@
return Regexp::Plus(re->Incref(), f);
// General case: x{4,} is xxxx+
- Regexp* nre = new Regexp(kRegexpConcat, f);
- nre->AllocSub(min);
- Regexp** nre_subs = nre->sub();
+ Regexp** nre_subs = new Regexp*[min];
for (int i = 0; i < min-1; i++)
nre_subs[i] = re->Incref();
nre_subs[min-1] = Regexp::Plus(re->Incref(), f);
+ Regexp* nre = Regexp::Concat(nre_subs, min, f);
+ delete[] nre_subs;
return nre;
}
@@ -613,11 +613,11 @@
// Build leading prefix: xx. Capturing only on the last one.
Regexp* nre = NULL;
if (min > 0) {
- nre = new Regexp(kRegexpConcat, f);
- nre->AllocSub(min);
- Regexp** nre_subs = nre->sub();
+ Regexp** nre_subs = new Regexp*[min];
for (int i = 0; i < min; i++)
nre_subs[i] = re->Incref();
+ nre = Regexp::Concat(nre_subs, min, f);
+ delete[] nre_subs;
}
// Build and attach suffix: (x(x(x)?)?)?
