diff options
| author |  Aaron Gyes <me@aaron.gy> | 2016-04-16 01:02:58 -0700 |
|---|---|---|
| committer |  David Adam <zanchey@ucc.gu.uwa.edu.au> | 2016-04-19 15:13:14 +0800 |
| commit | fc78e70d082741e6c7c71c537668fd9169e58610 (patch) | |
| tree | 2160b82feeb0a1ecbcb5456764e8e8794b76f686 /pcre2-10.21 | |
| parent | aefcf544ca27746ce1d69ecd6bda688b93827840 (diff) | |
Apply pcre2 svn rev 489 patch to fix CVE-2016-3191
Diffstat (limited to 'pcre2-10.21')
| -rw-r--r-- | pcre2-10.21/src/pcre2_compile.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/pcre2-10.21/src/pcre2_compile.c b/pcre2-10.21/src/pcre2_compile.c index d8528378..87610903 100644 --- a/pcre2-10.21/src/pcre2_compile.c +++ b/pcre2-10.21/src/pcre2_compile.c @@ -4866,7 +4866,6 @@ for (;; ptr++) /* For a single, positive character, get the value into mcbuffer, and then we can handle this with the normal one-character code. */ - mclength = PUTCHAR(c, mcbuffer); goto ONE_CHAR; } /* End of 1-char optimization */ @@ -5899,11 +5898,22 @@ for (;; ptr++) goto FAILED; } cb->had_accept = TRUE; + /* In the first pass, just accumulate the length required; + otherwise hitting (*ACCEPT) inside many nested parentheses can + cause workspace overflow. */ for (oc = cb->open_caps; oc != NULL; oc = oc->next) { - *code++ = OP_CLOSE; - PUT2INC(code, 0, oc->number); + if (lengthptr != NULL) + { + *lengthptr += CU2BYTES(1) + IMM2_SIZE; + } + else + { + *code++ = OP_CLOSE; + PUT2INC(code, 0, oc->number); + } } + setverb = *code++ = (cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT; |