Fix overlong (*MARK) or (*THEN) names bug.
This commit is contained in:
parent
c82273cc74
commit
9577d9e165
|
@ -217,6 +217,9 @@ message if there were only single-character modifiers. It should be ignored.
|
||||||
or segmentation errors for some patterns. Found with libFuzzer and
|
or segmentation errors for some patterns. Found with libFuzzer and
|
||||||
AddressSanitizer.
|
AddressSanitizer.
|
||||||
|
|
||||||
|
63. Very long names in (*MARK) or (*THEN) items could provoke a buffer
|
||||||
|
overflow.
|
||||||
|
|
||||||
|
|
||||||
Version 10.20 30-June-2015
|
Version 10.20 30-June-2015
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
|
@ -5645,7 +5645,7 @@ for (;; ptr++)
|
||||||
|
|
||||||
/* Handle other cases with/without an argument */
|
/* Handle other cases with/without an argument */
|
||||||
|
|
||||||
else if (arglen == 0)
|
else if (arglen == 0) /* There is no argument */
|
||||||
{
|
{
|
||||||
if (verbs[i].op < 0) /* Argument is mandatory */
|
if (verbs[i].op < 0) /* Argument is mandatory */
|
||||||
{
|
{
|
||||||
|
@ -5655,7 +5655,7 @@ for (;; ptr++)
|
||||||
setverb = *code++ = verbs[i].op;
|
setverb = *code++ = verbs[i].op;
|
||||||
}
|
}
|
||||||
|
|
||||||
else
|
else /* An argument is present */
|
||||||
{
|
{
|
||||||
if (verbs[i].op_arg < 0) /* Argument is forbidden */
|
if (verbs[i].op_arg < 0) /* Argument is forbidden */
|
||||||
{
|
{
|
||||||
|
@ -5663,6 +5663,19 @@ for (;; ptr++)
|
||||||
goto FAILED;
|
goto FAILED;
|
||||||
}
|
}
|
||||||
setverb = *code++ = verbs[i].op_arg;
|
setverb = *code++ = verbs[i].op_arg;
|
||||||
|
|
||||||
|
/* Arguments can be very long, especially in 16- and 32-bit modes,
|
||||||
|
and can overflow the workspace in the first pass. Instead of
|
||||||
|
putting the argument into memory, we just update the length counter
|
||||||
|
and set up an empty argument. */
|
||||||
|
|
||||||
|
if (lengthptr != NULL)
|
||||||
|
{
|
||||||
|
*lengthptr += arglen;
|
||||||
|
*code++ = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
*code++ = arglen;
|
*code++ = arglen;
|
||||||
if ((options & PCRE2_ALT_VERBNAMES) != 0)
|
if ((options & PCRE2_ALT_VERBNAMES) != 0)
|
||||||
{
|
{
|
||||||
|
@ -5676,6 +5689,7 @@ for (;; ptr++)
|
||||||
memcpy(code, arg, CU2BYTES(arglen));
|
memcpy(code, arg, CU2BYTES(arglen));
|
||||||
code += arglen;
|
code += arglen;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
*code++ = 0;
|
*code++ = 0;
|
||||||
}
|
}
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -252,4 +252,6 @@
|
||||||
|
|
||||||
/(*MARK:a\x{100}b)z/alt_verbnames
|
/(*MARK:a\x{100}b)z/alt_verbnames
|
||||||
|
|
||||||
|
/(?'ABC'[bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar](*THEN:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))/
|
||||||
|
|
||||||
# End of testinput9
|
# End of testinput9
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -355,4 +355,6 @@ Failed: error 177 at offset 6: character code point value in \u.... sequence is
|
||||||
/(*MARK:a\x{100}b)z/alt_verbnames
|
/(*MARK:a\x{100}b)z/alt_verbnames
|
||||||
Failed: error 134 at offset 14: character code point value in \x{} or \o{} is too large
|
Failed: error 134 at offset 14: character code point value in \x{} or \o{} is too large
|
||||||
|
|
||||||
|
/(?'ABC'[bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar]([bar](*THEN:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))/
|
||||||
|
|
||||||
# End of testinput9
|
# End of testinput9
|
||||||
|
|
Loading…
Reference in New Issue