From fc78e70d082741e6c7c71c537668fd9169e58610 Mon Sep 17 00:00:00 2001
From: Aaron Gyes <me@aaron.gy>
Date: Sat, 16 Apr 2016 01:02:58 -0700
Subject: Apply pcre2 svn rev 489 patch to fix CVE-2016-3191

---
 pcre2-10.21/src/pcre2_compile.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'pcre2-10.21')

diff --git a/pcre2-10.21/src/pcre2_compile.c b/pcre2-10.21/src/pcre2_compile.c
index d8528378..87610903 100644
--- a/pcre2-10.21/src/pcre2_compile.c
+++ b/pcre2-10.21/src/pcre2_compile.c
@@ -4866,7 +4866,6 @@ for (;; ptr++)
 
         /* For a single, positive character, get the value into mcbuffer, and
         then we can handle this with the normal one-character code. */
-
         mclength = PUTCHAR(c, mcbuffer);
         goto ONE_CHAR;
         }       /* End of 1-char optimization */
@@ -5899,11 +5898,22 @@ for (;; ptr++)
               goto FAILED;
               }
             cb->had_accept = TRUE;
+            /* In the first pass, just accumulate the length required;
+               otherwise hitting (*ACCEPT) inside many nested parentheses can
+               cause workspace overflow. */
             for (oc = cb->open_caps; oc != NULL; oc = oc->next)
               {
-              *code++ = OP_CLOSE;
-              PUT2INC(code, 0, oc->number);
+              if (lengthptr != NULL)
+                {
+                *lengthptr += CU2BYTES(1) + IMM2_SIZE;
+                }
+              else
+                {
+                *code++ = OP_CLOSE;
+                PUT2INC(code, 0, oc->number);
+                }
               }
+
             setverb = *code++ =
               (cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
 
-- 
cgit v1.2.3