From 15af9e48d1d7e56c09e2242db85eee2537e74526 Mon Sep 17 00:00:00 2001
From: Paul Wankadia
Date: Fri, 27 Oct 2017 16:06:25 +1100
Subject: [PATCH] Crudely limit the use of \p and \P when fuzzing.

Change-Id: I7456324a2a412971a584f380489a6cc207892224
Reviewed-on: https://code-review.googlesource.com/18890
Reviewed-by: Paul Wankadia
---
 re2/fuzzing/re2_fuzzer.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/re2/fuzzing/re2_fuzzer.cc b/re2/fuzzing/re2_fuzzer.cc
index 7c484665c..1da7a1fab 100644
--- a/re2/fuzzing/re2_fuzzer.cc
+++ b/re2/fuzzing/re2_fuzzer.cc
@@ -59,6 +59,15 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 if (size == 0 || size > 1024)
 return 0;
 
+ // Crudely limit the use of \p and \P.
+ int backslash_p = 0;
+ for (size_t i = 0; i < size; i++) {
+ if (data[i] == '\\' && i+1 < size && (data[i+1] == 'p' || data[i+1] == 'P'))
+ backslash_p++;
+ }
+ if (backslash_p > 10)
+ return 0;
+
 // The one-at-a-time hash by Bob Jenkins.
 uint32_t hash = 0;
 for (size_t i = 0; i < size; i++) {
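Review bot: The cap of `10` in `if (backslash_p > 10)` is a bare magic number, and the new comment does not say why \p and \P are limited. If the reason is that Unicode class expansion makes parsing and compilation slow enough to time the fuzzer out (an inference, the commit does not state it), the comment should say so, e.g. `// \p and \P expand to large character classes; skip inputs that use more than 10 so one input cannot dominate fuzzing time.` The byte scan also counts an escaped backslash followed by `p` (the pattern text `\\p`) as a use, so some inputs with no Unicode class at all are dropped; that is acceptable for a crude filter but worth stating in the comment. Because the filter sits only in the harness, patterns with many \p classes are no longer exercised here, and code that accepts untrusted patterns gets no protection from it and still has to bound pattern size and memory itself. The body of LLVMFuzzerTestOneInput continues past the end of the hunk.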