Fix buffer overflow in partial match test for CRLF in empty buffer.

2016-12-08 17:55:26 +00:00 · 2016-12-08 17:55:26 +00:00 · 0e04c156a4
parent 561dff70d0
commit 0e04c156a4
4 changed files with 11 additions and 1 deletions
--- a/3
+++ b/3
@ -198,6 +198,9 @@ pcre2test for testing it.

 29. Fix small memory leak in pcre2test.

+30. Fix out-of-bounds read for partial matching of /./ against an empty string 
+when the newline type is CRLF.
+

 Version 10.22 29-July-2016
 --------------------------
--- a/src/pcre2_match.c
+++ b/src/pcre2_match.c
@ -2379,7 +2379,7 @@ for (;;)
    case OP_ANY:
    if (IS_NEWLINE(eptr)) RRETURN(MATCH_NOMATCH);
    if (mb->partial != 0 &&
-        eptr + 1 >= mb->end_subject &&
+        eptr == mb->end_subject - 1 &&
        NLBLOCK->nltype == NLTYPE_FIXED &&
        NLBLOCK->nllen == 2 &&
        UCHAR21TEST(eptr) == NLBLOCK->nl[0])
--- a/testdata/testinput2
+++ b/testdata/testinput2
@ -4922,4 +4922,7 @@ a)"xI

 %(*:(:(svvvvvvvvvv:]*[   Z!*;[]*[^[]*!^[+.+{{2,7}'      _\\\\\\\\\\\\\)?.:..    *w////\\\Q\\\\\\\\\\\\\\\T\\\\\+/?/////'+\\\EEE?/////'+/*+/[^K]?]//(w)%never_backslash_c,alt_verbnames,auto_callout

+/./newline=crlf
+\=ph
+
 # End of testinput2 
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@ -15374,6 +15374,10 @@ Failed: error 109 at offset 6: quantifier does not follow a repeatable item

 %(*:(:(svvvvvvvvvv:]*[   Z!*;[]*[^[]*!^[+.+{{2,7}'      _\\\\\\\\\\\\\)?.:..    *w////\\\Q\\\\\\\\\\\\\\\T\\\\\+/?/////'+\\\EEE?/////'+/*+/[^K]?]//(w)%never_backslash_c,alt_verbnames,auto_callout

+/./newline=crlf
+\=ph
+No match
+
 # End of testinput2 
 Error -63: PCRE2_ERROR_BADDATA (unknown error number)
 Error -62: bad serialized data