Tidy another out-of-bounds pointer issue.

Philip.Hazel 2015-11-12 17:24:58 +00:00
parent 9c5958fbe6
commit 8d70b1d368
3 changed files with 29 additions and 26 deletions


@ -290,6 +290,9 @@ a factor of the size of the compiling workspace (it currently is).
85. Check for too many replacements (more than INT_MAX) in pcre2_substitute(). 85. Check for too many replacements (more than INT_MAX) in pcre2_substitute().
86. Avoid the possibility of computing with an out-of-bounds pointer (though
not dereferencing it) while handling lookbehind assertions.
Version 10.20 30-June-2015 Version 10.20 30-June-2015
-------------------------- --------------------------


@ -433,13 +433,13 @@ move back, and set up each alternative appropriately. */
if (*first_op == OP_REVERSE) if (*first_op == OP_REVERSE)
{ {
int max_back = 0; size_t max_back = 0;
int gone_back; size_t gone_back;
end_code = this_start_code; end_code = this_start_code;
do do
{ {
int back = GET(end_code, 2+LINK_SIZE); size_t back = GET(end_code, 2+LINK_SIZE);
if (back > max_back) max_back = back; if (back > max_back) max_back = back;
end_code += GET(end_code, 1); end_code += GET(end_code, 1);
} }
@ -466,8 +466,8 @@ if (*first_op == OP_REVERSE)
/* In byte-mode we can do this quickly. */ /* In byte-mode we can do this quickly. */
{ {
gone_back = (current_subject - max_back < start_subject)? size_t current_offset = (size_t)(current_subject - start_subject);
(int)(current_subject - start_subject) : max_back; gone_back = (current_offset < max_back)? current_offset : max_back;
current_subject -= gone_back; current_subject -= gone_back;
} }
@ -481,7 +481,7 @@ if (*first_op == OP_REVERSE)
end_code = this_start_code; end_code = this_start_code;
do do
{ {
int back = GET(end_code, 2+LINK_SIZE); size_t back = GET(end_code, 2+LINK_SIZE);
if (back <= gone_back) if (back <= gone_back)
{ {
int bstate = (int)(end_code - start_code + 2 + 2*LINK_SIZE); int bstate = (int)(end_code - start_code + 2 + 2*LINK_SIZE);
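Review bot: The cast in the byte-mode branch, `size_t current_offset = (size_t)(current_subject - start_subject);`, is only safe while current_subject is never below start_subject. A negative difference would wrap to a very large value, max_back would then be selected, and `current_subject -= gone_back` would again form a pointer before the subject. Nothing in the visible lines establishes that invariant, so I would state it next to the cast, e.g. `/* current_subject >= start_subject always holds here, so the difference cannot be negative */`, or assert it in debug builds. The UTF branch between these hunks is not shown and should be checked for the same int-to-size_t consistency. The enclosing `if (*first_op == OP_REVERSE)` block starts and ends outside the hunks.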


@ -1704,14 +1704,14 @@ for (;;)
back a number of characters, not bytes. */ back a number of characters, not bytes. */
case OP_REVERSE: case OP_REVERSE:
i = GET(ecode, 1);
#ifdef SUPPORT_UNICODE #ifdef SUPPORT_UNICODE
if (utf) if (utf)
{ {
i = GET(ecode, 1);
while (i-- > 0) while (i-- > 0)
{ {
if (eptr <= mb->start_subject) RRETURN(MATCH_NOMATCH);
eptr--; eptr--;
if (eptr < mb->start_subject) RRETURN(MATCH_NOMATCH);
BACKCHAR(eptr); BACKCHAR(eptr);
} }
} }
@ -1721,8 +1721,8 @@ for (;;)
/* No UTF-8 support, or not in UTF-8 mode: count is byte count */ /* No UTF-8 support, or not in UTF-8 mode: count is byte count */
{ {
eptr -= GET(ecode, 1); if (i > eptr - mb->start_subject) RRETURN(MATCH_NOMATCH);
if (eptr < mb->start_subject) RRETURN(MATCH_NOMATCH); eptr -= i;
} }
/* Save the earliest consulted character, then skip to next op code */ /* Save the earliest consulted character, then skip to next op code */
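Review bot: In the UTF loop the new `if (eptr <= mb->start_subject)` test bounds only the explicit `eptr--`; the `BACKCHAR(eptr)` that follows can move eptr further back and has no lower bound visible here. BACKCHAR is defined outside this page, so this is an inference: if it steps back over continuation code units unconditionally, the loop stays inside the subject only when the subject is valid UTF. I would record that at the call, e.g. `/* BACKCHAR assumes valid UTF; it does not itself stop at start_subject */`. In the non-UTF branch, `if (i > eptr - mb->start_subject)` compares i, whose declaration is outside the hunk, with a pointer difference, so it is worth confirming that i is signed and the comparison is not converted to unsigned. The `case OP_REVERSE:` body continues past the last visible line.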