- 19 Jul, 2021 4 commits
-
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
Spotted by: Coverity
-
- 15 Jul, 2021 1 commit
-
-
Federico G. Schwindt authored
-
- 13 Jul, 2021 4 commits
-
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
When receiving H/2 data frames, make sure to take the advertised content length into account, and fail appropriately if the combined sum of the data frames does not match the content length.
-
Martin Blix Grydeland authored
The change to VTCP_Check() in 58a21da7 broke expect_close in varnishtest.
-
Jordan Christiansen authored
In RST, there needs to be an empty line after ::, otherwise the whole block is interpreted as a normal paragraph where newlines are not preserved.
-
- 07 Jul, 2021 2 commits
-
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
- 06 Jul, 2021 3 commits
-
-
Dridi Boukelmoune authored
Now that VRE is the only regular expression API we use, we can migrate its backend to pcre2. The existing 'pcre_*' parameters are also renamed to reflect this migration, and 'pcre_match_limit_recursion' gets special treatment and is renamed to pcre2_depth_limit. This creates an additional API breakage in VRE: the `match_recursion` field in `struct vre_limits` is also renamed. One last breakage is the removal of `VRE_has_jit` used by only one undocumented varnishtest feature, and the pcre_jit feature is only used by one test case that no longer fails. The pcre jit compilation feature was broken anyway: sealing it at compile time will not reflect what VRE actually links to. Once we have a test case needing the jit feature, we can introduce a better API for that check. There is one outstanding performance problem, the ovector that was previously allocated on the stack now needs to be allocated from the heap. It might be possible to implement a pcre2 context to fix that or maybe pool them, but for now we have heap allocations on the critical path. The VRE_sub() function makes sure to make a single ovector allocation (technically a pcre2_match_data allocation) since it's the only one guaranteed to loop on a single regular expression for the `regsuball()` use case. On the documentation front, the SmartOS installation instructions are hidden for lack of a pcre2 package. Closes #3616 Closes #3559
-
Dridi Boukelmoune authored
This reverts commit f254fff7. Conflicts: .circleci/config.yml
-
Dridi Boukelmoune authored
Since we turn warnings into errors, that means failing the build because something we have no control over in /usr/include does not have a strict prototype or some other shenanigan. Just in case it might be added by Wall or Wextra in a future clang or GCC release, we may disable it explicitly too. Refs #3565
-
- 05 Jul, 2021 16 commits
-
-
Dridi Boukelmoune authored
Bans using regular expressions will consume slightly more space, but more importantly that breaks persistence binary compatibility. That's not a concern because we are both planning for a major release where that kind of breakage is acceptable, and in the context of a pcre2 migration we would also break ban persistence. And now, VRE is the sole pcre consumer.
-
Dridi Boukelmoune authored
It packs a vre_t and a pcre in a single allocation that can be used by both VRE_match() and VRE_sub().
-
Dridi Boukelmoune authored
We always use it internally except: - where the pcre2_jit_compilation parameter applies - when libvcc verifies that a regular expression compiles For the latter, the verification would attempt a jit compilation as well until now, but we no longer need to waste cycles on that.
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
This is a major step back in terms of error reporting, but I haven't found anything in libpcre to translate an error code to an error message. "pcre error %d" should still be a good enough hint. Looking forward, we are going to need this for libpcre2 but again the API leaves some to be desired and only works by writing error messages to buffers. The return value implies that we got a valid error code, which will be verified with pcre2. I couldn't find how to verify error codes with pcre. Writing to the VSB is however fail-safe, it's the caller's job to deal with a VSB error.
-
Dridi Boukelmoune authored
With the introduction of VRE_sub() many VRE_exec() use cases went away: - VRE_NOTEMPTY flag - start offset - ovector for capture groups The subject string length is now optional and zero can be passed to signal that the subject string is null-terminated. There are no options for VRE_match() but an option argument is kept in case we start exposing some in the future.
-
Dridi Boukelmoune authored
This gives us a clean separation of VCL and pcre interactions.
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
Its first action ${string,repeat,<uint>,<string>} helps simplify many unwieldy test cases that will hopefully be easier to edit from now on.
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
Instead of having a mere value, these would be able to compute a macro expansion. We parse the contents inside the ${...} delimiters as a VAV, but there can't be (yet?) nested curly {braces}, even quoted. The first argument inside the delimiters is the macro name, and other VAV arguments are treated as arguments to the macro's function. For example ${foo,bar,baz} would call the a macro "foo"'s function with arguments "bar" and "baz". Simple macros don't take arguments and work as usual.
-
Dridi Boukelmoune authored
The latter operates on a VSB, which is always what call sites are doing anyway. It also takes the responsibility of ignoring unknown macros, in preparation for more responsibilities that will also require the ability to fail a test case.
-
Dridi Boukelmoune authored
Commas unlike spaces are hard separators, so a trailing comma leads to a last empty parameter. A comma may appear after an argument's "trailing" spaces and should not result in an additional parameter. In <foo , bar> we should expect two fields, not three. Comments are only treated as such at arguments boundaries: <foo #bar> parses one field <foo> and <foo#bar> parses one field <foo#bar>, taking the shell word splitting as the model, cementing what was the existing VAV behavior in the first place. Unlike the shell, we don't expect quotes to start in the middle of a token so <foo"bar> is invalid unless escaping was disabled. Fields that are quoted need a separator: <"foo""bar"> is therefore invalid unless escaping was disabled.
-
Dridi Boukelmoune authored
At least not on my system, where "x%02x" doesn't strictly require 2 hexadecimal digits.
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
-
- 02 Jul, 2021 8 commits
-
-
Dridi Boukelmoune authored
This reverts commit d3df1f64. I didn't mean to push it, it predates VAV's test driver.
-
Dridi Boukelmoune authored
Let's consider the following VAV strings: "foo bar baz" "foo,bar,baz" " foo bar baz " " foo,bar,baz " " foo bar baz " They are all equivalent because consecutive spaces are considered to form a single separator. However, consecutive commas aren't: "foo,bar,baz" "foo,,bar,,baz" In the example above the first string has 3 arguments while the second has 5 of them. This behavior was however inconsistent with trailing commas: "foo,bar,baz" "foo,bar,baz," "foo,bar,baz,," When it comes to trailing commas the first two strings above would contain 3 arguments, and the last string would contain 4 arguments. With this change, they respectively contain 3, 4 and 5 arguments.
-
Dridi Boukelmoune authored
Otherwise we can still overflow in the absence of a null terminator.
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
There's no longer the guarantee of a null character at the end of a VAV string.
-
Dridi Boukelmoune authored
It started with one corner case, then I found more, then I found new potential corner cases introduced by my own attempts at squaring them. I decided to take a step back and start some VAV test coverage. With something not too complicated to edit, dealing with the corner cases should increase confidence with the introduction of new cases easy to review.
-
Jordan Christiansen authored
Alpine 3.14 includes a newer version of musl that uses the newer faccessat2 syscall, which is not yet allowlisted by the seccomp filter in older Docker versions. Docker 20.10.0+ allows this new syscall. In this patch, we configure Circle to set up a Docker 20.10+ environment where we can run Alpine 3.14 builds.
-
- 30 Jun, 2021 2 commits
-
-
Dridi Boukelmoune authored
Until we figure out how to work around the build failure since "latest" bumped to 3.14.
-
Dridi Boukelmoune authored
This has confused at least one user troubleshooting this area.
-