ffi: pass non-empty slice when haystack is empty

BurntSushi · BurntSushi · commit 2effc2849581 · 2024-07-30T14:52:43.000-04:00
To work around likely bugs in (older versions of) PCRE2. Namely, at one point, PCRE2 would dereference the haystack pointer even when the length was zero. This was reported in #10 and we worked around this in #11 by passing a pointer to a const `&[]`, with the (erroneous) presumption that this would be a valid pointer to dereference. In retrospect though, this was a little silly, because you should never be dereferencing a pointer to an empty slice. It's not valid. Alas, at that time, Rust did actually hand you a valid pointer that could be dereferenced. But [this PR][rust-pull] changed that. And thus, we're back to where we started: handing buggy versions of PCRE2 a zero length haystack with a dangling pointer. So we fix this once and for all by passing a slice of length 1, but with a haystack length of 0, to the PCRE2 search routine when searching an empty haystack. This will guarantee the provision of a dereferencable pointer should PCRE2 decide to dereference it. Fixes #42 [rust-pull]: rust-lang/rust#123936
diff --git a/src/ffi.rs b/src/ffi.rs
@@ -433,20 +433,35 @@ impl MatchData {
         start: usize,
         options: u32,
     ) -> Result<bool, Error> {
-        // When the subject is empty, we use an empty slice
-        // with a known valid pointer. Otherwise, slices derived
-        // from, e.g., an empty `Vec<u8>` may not have a valid
-        // pointer, since creating an empty `Vec` is guaranteed
-        // to not allocate.
-        const EMPTY: &[u8] = &[];
+        // When the subject is empty, we use an NON-empty slice with a known
+        // valid pointer. Otherwise, slices derived from, e.g., an empty
+        // `Vec<u8>` may not have a valid pointer, since creating an empty
+        // `Vec` is guaranteed to not allocate.
+        //
+        // We use a non-empty slice since it is otherwise difficult
+        // to guarantee getting a dereferencable pointer. Which makes
+        // sense, because the slice is empty, the pointer should never be
+        // dereferenced!
+        //
+        // Alas, older versions of PCRE2 did exactly this. While that bug has
+        // been fixed a while ago, it still seems to pop up[1]. So we try
+        // harder.
+        //
+        // Note that even though we pass a non-empty slice in this case, we
+        // still pass a length of zero. This just provides a pointer that won't
+        // explode if you try to dereference it.
+        //
+        // [1]: https://github.com/BurntSushi/rust-pcre2/issues/42
+        static SINGLETON: &[u8] = &[0];
+        let len = subject.len();
         if subject.is_empty() {
-            subject = EMPTY;
+            subject = SINGLETON;
         }
 
         let rc = pcre2_match_8(
             code.as_ptr(),
             subject.as_ptr(),
-            subject.len(),
+            len,
             start,
             options,
             self.as_mut_ptr(),
