Fix fuzzing infinite loops in repeatMatch.Matches

trustelem / zxcvbn

Go implementation of Dropbox's zxcvbn realistic password strength estimator

MIT License

67 stars 13 forks source link

Fix fuzzing infinite loops in repeatMatch.Matches #4

Closed stevenjohnstone closed 6 years ago

stevenjohnstone commented 6 years ago

regexp2's FindStringMatchStartingAt takes a string index as input. The output matches refer to rune array indices. These need to be converted to string indices to be passed safely into FindStringMatchStartingAt in the loop.

coveralls commented 6 years ago

Pull Request Test Coverage Report for Build 18

10 of 11 (90.91%) changed or added relevant lines in 1 file are covered.
No unchanged relevant lines lost coverage.
Overall coverage decreased (-0.06%) to 95.917%

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
matching/repeat.go	10	11	90.91%
<!--	Total:	10	11	90.91%	-->

Totals
Change from base Build 17:	-0.06%
Covered Lines:	1057
Relevant Lines:	1102

💛 - Coveralls

vanackere commented 6 years ago

Nice catch, thank you !