Fix bad working space size calculation when PCRE2_AUTO_CALLOUT is set.

Philip.Hazel 2016-11-04 16:35:47 +00:00
parent e533e0f774
commit 270eaa7615
5 changed files with 17 additions and 5 deletions


@ -80,6 +80,9 @@ copied).
(h) An unterminated number after \g' could cause reading beyond the pattern. (h) An unterminated number after \g' could cause reading beyond the pattern.
(i) An insufficient memory size was being computed for compiling with
PCRE2_AUTO_CALLOUT.
4. Back references are now permitted in lookbehind assertions when there are 4. Back references are now permitted in lookbehind assertions when there are
no duplicated group numbers (that is, (?| has not been used), and, if the no duplicated group numbers (that is, (?| has not been used), and, if the
reference is by name, there is only one group of that name. The referenced reference is by name, there is only one group of that name. The referenced


@ -2146,6 +2146,7 @@ uint32_t class_range_state;
uint32_t *verblengthptr = NULL; /* Value avoids compiler warning */ uint32_t *verblengthptr = NULL; /* Value avoids compiler warning */
uint32_t *previous_callout = NULL; uint32_t *previous_callout = NULL;
uint32_t *parsed_pattern = cb->parsed_pattern; uint32_t *parsed_pattern = cb->parsed_pattern;
uint32_t *parsed_pattern_end = cb->parsed_pattern_end;
uint32_t meta_quantifier = 0; uint32_t meta_quantifier = 0;
uint16_t nest_depth = 0; uint16_t nest_depth = 0;
int after_manual_callout = 0; int after_manual_callout = 0;
@ -2189,6 +2190,12 @@ while (ptr < ptrend)
PCRE2_SPTR thisptr; PCRE2_SPTR thisptr;
PCRE2_SIZE offset; PCRE2_SIZE offset;
if (parsed_pattern >= parsed_pattern_end)
{
errorcode = ERR63; /* Internal error (parsed pattern overflow) */
goto FAILED;
}
if (nest_depth > cb->cx->parens_nest_limit) if (nest_depth > cb->cx->parens_nest_limit)
{ {
errorcode = ERR19; errorcode = ERR19;
@ -9158,7 +9165,7 @@ used. */
parsed_size_needed = patlen - skipatstart + big32count; parsed_size_needed = patlen - skipatstart + big32count;
if ((options & PCRE2_AUTO_CALLOUT) != 0) if ((options & PCRE2_AUTO_CALLOUT) != 0)
parsed_size_needed = (parsed_size_needed + 1) * 4; parsed_size_needed = (parsed_size_needed + 1) * 5;
if (parsed_size_needed >= PARSED_PATTERN_DEFAULT_SIZE) if (parsed_size_needed >= PARSED_PATTERN_DEFAULT_SIZE)
{ {
@ -9171,6 +9178,7 @@ if (parsed_size_needed >= PARSED_PATTERN_DEFAULT_SIZE)
} }
cb.parsed_pattern = heap_parsed_pattern; cb.parsed_pattern = heap_parsed_pattern;
} }
cb.parsed_pattern_end = cb.parsed_pattern + parsed_size_needed + 1;
/* Do the parsing scan. */ /* Do the parsing scan. */
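Review bot: The new guard at the top of the `while (ptr < ptrend)` loop runs once per iteration, so it can only report an overrun after an earlier iteration has already stored words at or beyond `parsed_pattern_end`. If any single iteration emits more than one word (the stores are outside the visible hunks), memory past the buffer may be written before ERR63 is raised, so the real bound is still the `(parsed_size_needed + 1) * 5` estimate, whose factor is not explained in the visible lines. I would document both: above the check, `/* Backstop only: tested once per item, after the previous item's words were stored; the size estimate must remain a true upper bound */`, and at the multiplier a comment stating how many words one pattern character can expand to under PCRE2_AUTO_CALLOUT. The heap allocation size is not visible here, so confirm it covers at least `parsed_size_needed + 1` elements to match the new end pointer. Both enclosing functions start and end outside these hunks.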


@ -138,7 +138,7 @@ static const unsigned char compile_error_texts[] =
"(*VERB) not recognized or malformed\0" "(*VERB) not recognized or malformed\0"
"group number is too big\0" "group number is too big\0"
"subpattern name expected\0" "subpattern name expected\0"
"SPARE ERROR\0" "internal error: parsed pattern overflow\0"
"non-octal character in \\o{} (closing brace missing?)\0" "non-octal character in \\o{} (closing brace missing?)\0"
/* 65 */ /* 65 */
"different names for subpatterns of the same number are not allowed\0" "different names for subpatterns of the same number are not allowed\0"


@ -65,11 +65,11 @@ reason to disallow UTF and UCP. Force PCRE2_NEVER_BACKSLASH_C to be set because
\C in random patterns is highly likely to cause a crash. */ \C in random patterns is highly likely to cause a crash. */
compile_options = compile_options =
((uint32_t)((r1 << 16) | (r2 & 0xffff)) & ALLOWED_COMPILE_OPTIONS) | ((((uint32_t)r1 << 16) | ((uint32_t)r2 & 0xffff)) & ALLOWED_COMPILE_OPTIONS) |
PCRE2_NEVER_BACKSLASH_C; PCRE2_NEVER_BACKSLASH_C;
match_options = match_options =
((uint32_t)((r1 << 16) | (r2 & 0xffff)) & ALLOWED_MATCH_OPTIONS); ((((uint32_t)r1 << 16) | ((uint32_t)r2 & 0xffff)) & ALLOWED_MATCH_OPTIONS);
/* Do the compile with and without the options, and after a successful compile, /* Do the compile with and without the options, and after a successful compile,
likewise do the match with and without the options. */ likewise do the match with and without the options. */
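Review bot: The expression that combines `r1` and `r2` into a 32-bit word is written out twice, once for `compile_options` and once for `match_options`, which is why the same cast had to be corrected in two places. Computing it once, e.g. `uint32_t rbits = ((uint32_t)r1 << 16) | ((uint32_t)r2 & 0xffff);`, and then masking `rbits` with `ALLOWED_COMPILE_OPTIONS` and `ALLOWED_MATCH_OPTIONS` keeps the two assignments in step. The declarations of `r1` and `r2` are outside the hunk, so their types are not confirmed here.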


@ -713,6 +713,7 @@ typedef struct compile_block {
uint32_t bracount; /* Count of capturing parentheses */ uint32_t bracount; /* Count of capturing parentheses */
uint32_t lastcapture; /* Last capture encountered */ uint32_t lastcapture; /* Last capture encountered */
uint32_t *parsed_pattern; /* Parsed pattern buffer */ uint32_t *parsed_pattern; /* Parsed pattern buffer */
uint32_t *parsed_pattern_end; /* Parsed pattern should not get here */
uint32_t *groupinfo; /* Group info vector */ uint32_t *groupinfo; /* Group info vector */
uint32_t top_backref; /* Maximum back reference */ uint32_t top_backref; /* Maximum back reference */
uint32_t backref_map; /* Bitmap of low back refs */ uint32_t backref_map; /* Bitmap of low back refs */
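Review bot: The comment on `parsed_pattern_end` does not say whether the pointer is the last usable slot or the first address the write pointer must not reach, which matters to anyone adding a bounds check against it. Going by the assignment `cb.parsed_pattern + parsed_size_needed + 1` and the `>=` test shown elsewhere in this commit, it appears to be a limit the write pointer must stay below. If that is right, `/* Limit for parsed_pattern writes; reaching it is an internal error */` would state the contract. The struct definition continues outside the hunk.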