Fix [[:>:]] when followed by parenthesis buffer overflow.

This commit is contained in:
Philip.Hazel 2015-07-15 09:08:12 +00:00
parent a972710d68
commit 098562db96
4 changed files with 13 additions and 3 deletions

View File

@ -14,6 +14,10 @@ pcre2_auto_possessify.c source.
4. Fix typos in dftables.c for z/OS.
5. Change 36 for 10.20 broke the handling of [[:>:]] and [[:<:]] in that
processing them could involve a buffer overflow if the following character was
an opening parenthesis.
Version 10.20 30-June-2015
--------------------------

View File

@ -3238,7 +3238,7 @@ for (; ptr < cb->end_pattern; ptr++)
if (PRIV(strncmp_c8)(ptr+1, STRING_WEIRD_STARTWORD, 6) == 0 ||
PRIV(strncmp_c8)(ptr+1, STRING_WEIRD_ENDWORD, 6) == 0)
{
ptr += 7;
ptr += 6;
break;
}
@ -3303,8 +3303,9 @@ for (; ptr < cb->end_pattern; ptr++)
if (c == CHAR_LEFT_SQUARE_BRACKET &&
(ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
ptr[1] == CHAR_EQUALS_SIGN) && check_posix_syntax(ptr, &ptr))
{
ptr++;
}
else if (c == CHAR_BACKSLASH)
{
errorcode = 0;

2
testdata/testinput2 vendored
View File

@ -4327,4 +4327,6 @@ a random value. /Ix
/^(?:(?(1)x|)+)+$()/B
/[[:>:]](?<)/
# End of testinput2

View File

@ -14470,4 +14470,7 @@ Failed: error 161 at offset 32: number is too big
End
------------------------------------------------------------------
/[[:>:]](?<)/
Failed: error 124 at offset 10: unrecognized character after (?<
# End of testinput2