John Johansen b6d9d9d8b6 parser: fix Normalizatin infinite loop ... Expression simplification can get into an infinite loop due to eps pairs hiding behind and alternation that can't be caught by normalize_eps() (which exists in the first place to stop a similar loop). The loop in question happens in AltNode::normalize when a subtree has the following structure. 1. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ eps alt /\ / \ / \ alt eps /\ / \ / \ eps eps 2. if (normalize_eps(dir)) results in alt /\ / \ / \ alt eps /\ / \ / \ alt eps /\ / \ / \ eps eps 3. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ alt alt /\ /\ / \ / \ / \ / \ eps eps eps eps 4. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ eps alt /\ / \ / \ eps alt /\ / \ / \ eps eps 5. if (normalize_eps(dir)) results in alt /\ / \ / \ alt eps /\ / \ / \ eps alt /\ / \ / \ eps eps 6. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ eps alt /\ / \ / \ alt eps /\ / \ / \ eps eps back to beginning of cycle Fix this by detecting the creation of an eps_pair in rotate_node(), that pair can be immediately eliminated by simplifying the tree in that step. In the above cycle the pair creation is caught at step 3 resulting in 3. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ alt eps /\ / \ / \ eps eps 4. elseif (child[dir]->is_type(ALT_NODE)) rotate_node too alt /\ / \ / \ eps alt /\ / \ / \ eps eps whch gets reduces to alt /\ / \ / \ eps eps breaking the normalization loop. The degenerate alt node will be caught in turn when its parent is dealt with. This needs to be backported to all releases Closes: https://gitlab.com/apparmor/apparmor/-/issues/398 Fixes: 846cee506 ("Split out parsing and expression trees from regexp.y") Reported-by: Christian Boltz <apparmor@cboltz.de> Signed-off-by: John Johansen <john.johansen@canonical.com>		2024-06-14 07:00:47 -07:00
..
ok_normalize.sd	parser: fix Normalizatin infinite loop	2024-06-14 07:00:47 -07:00