Fix [[:>:]] when followed by parenthesis buffer overflow.

This commit is contained in:
Philip.Hazel 2015-07-15 09:08:12 +00:00
parent a972710d68
commit 098562db96
4 changed files with 13 additions and 3 deletions

View File

@ -14,6 +14,10 @@ pcre2_auto_possessify.c source.
4. Fix typos in dftables.c for z/OS. 4. Fix typos in dftables.c for z/OS.
5. Change 36 for 10.20 broke the handling of [[:>:]] and [[:<:]] in that
processing them could involve a buffer overflow if the following character was
an opening parenthesis.
Version 10.20 30-June-2015 Version 10.20 30-June-2015
-------------------------- --------------------------

View File

@ -3238,7 +3238,7 @@ for (; ptr < cb->end_pattern; ptr++)
if (PRIV(strncmp_c8)(ptr+1, STRING_WEIRD_STARTWORD, 6) == 0 || if (PRIV(strncmp_c8)(ptr+1, STRING_WEIRD_STARTWORD, 6) == 0 ||
PRIV(strncmp_c8)(ptr+1, STRING_WEIRD_ENDWORD, 6) == 0) PRIV(strncmp_c8)(ptr+1, STRING_WEIRD_ENDWORD, 6) == 0)
{ {
ptr += 7; ptr += 6;
break; break;
} }
@ -3303,8 +3303,9 @@ for (; ptr < cb->end_pattern; ptr++)
if (c == CHAR_LEFT_SQUARE_BRACKET && if (c == CHAR_LEFT_SQUARE_BRACKET &&
(ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT || (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
ptr[1] == CHAR_EQUALS_SIGN) && check_posix_syntax(ptr, &ptr)) ptr[1] == CHAR_EQUALS_SIGN) && check_posix_syntax(ptr, &ptr))
ptr ++; {
ptr++;
}
else if (c == CHAR_BACKSLASH) else if (c == CHAR_BACKSLASH)
{ {
errorcode = 0; errorcode = 0;

2
testdata/testinput2 vendored
View File

@ -4327,4 +4327,6 @@ a random value. /Ix
/^(?:(?(1)x|)+)+$()/B /^(?:(?(1)x|)+)+$()/B
/[[:>:]](?<)/
# End of testinput2 # End of testinput2

View File

@ -14470,4 +14470,7 @@ Failed: error 161 at offset 32: number is too big
End End
------------------------------------------------------------------ ------------------------------------------------------------------
/[[:>:]](?<)/
Failed: error 124 at offset 10: unrecognized character after (?<
# End of testinput2 # End of testinput2