Fix global overflow bug for get/copy names in pcre2test.

Philip.Hazel 2016-11-10 17:08:27 +00:00
parent 02e8b83bed
commit 21c084125c
4 changed files with 22 additions and 3 deletions


@ -157,6 +157,9 @@ obsolete these days and in any case had become very haphazard.
22. Add the use_length modifier to pcre2test. 22. Add the use_length modifier to pcre2test.
23. Fix an off-by-one bug in pcre2test for the list of names for 'get' and
'copy' modifiers.
Version 10.22 29-July-2016 Version 10.22 29-July-2016
-------------------------- --------------------------


@ -3556,10 +3556,16 @@ for (;;)
char *nn = (char *)field; char *nn = (char *)field;
if (len > 0) /* Add new name */ if (len > 0) /* Add new name */
{ {
while (*nn != 0) nn += strlen(nn) + 1; if (len > MAX_NAME_SIZE)
if (nn + len + 1 - (char *)field > LENCPYGET)
{ {
fprintf(outfile, "** Too many named '%s' modifiers\n", m->name); fprintf(outfile, "** Group name in '%s' is too long\n", m->name);
return FALSE;
}
while (*nn != 0) nn += strlen(nn) + 1;
if (nn + len + 2 - (char *)field > LENCPYGET)
{
fprintf(outfile, "** Too many characters in named '%s' modifiers\n",
m->name);
return FALSE; return FALSE;
} }
memcpy(nn, pp, len); memcpy(nn, pp, len);
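Review bot: The new capacity check `nn + len + 2 - (char *)field > LENCPYGET` still forms the pointer `nn + len + 2` before comparing, so when the list is nearly full that intermediate pointer can lie past the end of the buffer, which C leaves undefined even though nothing is dereferenced. Doing the arithmetic on the offset avoids this: `if ((nn - (char *)field) + len + 2 > LENCPYGET)`. The `+ 2` also deserves a short comment such as `/* room for the name's terminator and the zero that ends the list */`, since the writes it accounts for presumably follow the `memcpy`, outside this hunk. The scan `while (*nn != 0) nn += strlen(nn) + 1;` relies on that double-zero terminator always being present inside the buffer, so the invariant is worth stating where the buffer is declared. The enclosing block starts and ends outside the hunk, and the type of `len` is not visible here.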

4
testdata/testinput2 vendored

@ -4908,4 +4908,8 @@ a)"xI
/{„Í„ÍÍ„Í{'{22{2{{2{'{22{{22{2{'{22{2{{2{{222{{2{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{222{2Ä„Í„ÍÍ„Í{'{22{2{{2{'{22{{11{2{'{22{2{{2{{'{22{2{{2{'{22{{22{1{'{22{2{{2{{222{{2{'{22{2{22{2{'{/auto_callout /{„Í„ÍÍ„Í{'{22{2{{2{'{22{{22{2{'{22{2{{2{{222{{2{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{222{2Ä„Í„ÍÍ„Í{'{22{2{{2{'{22{{11{2{'{22{2{{2{{'{22{2{{2{'{22{{22{1{'{22{2{{2{{222{{2{'{22{2{22{2{'{/auto_callout
//
\=get=i00000000000000000000000000000000
\=get=i2345678901234567890123456789012,get=i1245678901234567890123456789012
# End of testinput2 # End of testinput2


@ -15355,6 +15355,12 @@ Failed: error 157 at offset 6: \g is not followed by a braced, angle-bracketed,
/{„Í„ÍÍ„Í{'{22{2{{2{'{22{{22{2{'{22{2{{2{{222{{2{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{222{2Ä„Í„ÍÍ„Í{'{22{2{{2{'{22{{11{2{'{22{2{{2{{'{22{2{{2{'{22{{22{1{'{22{2{{2{{222{{2{'{22{2{22{2{'{/auto_callout /{„Í„ÍÍ„Í{'{22{2{{2{'{22{{22{2{'{22{2{{2{{222{{2{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{222{2Ä„Í„ÍÍ„Í{'{22{2{{2{'{22{{11{2{'{22{2{{2{{'{22{2{{2{'{22{{22{1{'{22{2{{2{{222{{2{'{22{2{22{2{'{/auto_callout
//
\=get=i00000000000000000000000000000000
** Group name in 'get' is too long
\=get=i2345678901234567890123456789012,get=i1245678901234567890123456789012
** Too many characters in named 'get' modifiers
# End of testinput2 # End of testinput2
Error -63: PCRE2_ERROR_BADDATA (unknown error number) Error -63: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data Error -62: bad serialized data