Cap minimum length at 65535 and check for integer overflow.
This commit is contained in:
parent
1bd3658bd9
commit
a710d3b37b
|
@ -275,6 +275,9 @@ especially when recursion or subroutine calls are involved.
|
|||
80. Allow for the possibility of the size of the nest_save structure not being
|
||||
a factor of the size of the compiling workspace (it currently is).
|
||||
|
||||
81. Check for integer overflow in minimum length calculation and cap it at
|
||||
65535.
|
||||
|
||||
|
||||
Version 10.20 30-June-2015
|
||||
--------------------------
|
||||
|
|
|
@ -7,7 +7,7 @@ and semantics are as close as possible to those of the Perl 5 language.
|
|||
|
||||
Written by Philip Hazel
|
||||
Original API code Copyright (c) 1997-2012 University of Cambridge
|
||||
New API code Copyright (c) 2014 University of Cambridge
|
||||
New API code Copyright (c) 2015 University of Cambridge
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
|
@ -123,7 +123,7 @@ for (;;)
|
|||
PCRE2_UCHAR *cs, *ce;
|
||||
register PCRE2_UCHAR op = *cc;
|
||||
|
||||
if (branchlength > UINT16_MAX) return branchlength;
|
||||
if (branchlength >= UINT16_MAX) return UINT16_MAX;
|
||||
|
||||
switch (op)
|
||||
{
|
||||
|
@ -562,7 +562,13 @@ for (;;)
|
|||
break;
|
||||
}
|
||||
|
||||
branchlength += min * d;
|
||||
/* Take care not to overflow: (1) min and d are ints, so check that their
|
||||
product is not greater than INT_MAX. (2) branchlength is limited to
|
||||
UINT16_MAX (checked at the top of the loop). */
|
||||
|
||||
if ((d > 0 && (INT_MAX/d) < min) || UINT16_MAX - branchlength < min*d)
|
||||
branchlength = UINT16_MAX;
|
||||
else branchlength += min * d;
|
||||
break;
|
||||
|
||||
/* Recursion always refers to the first occurrence of a subpattern with a
|
||||
|
|
|
@ -4631,4 +4631,8 @@ a)"xI
|
|||
|
||||
/\[()]{1024}/I,expand
|
||||
|
||||
# Test minlength capped at 65535
|
||||
|
||||
/(A{65000})\1{65000}/I
|
||||
|
||||
# End of testinput2
|
||||
|
|
|
@ -14743,4 +14743,13 @@ Capturing subpattern count = 1024
|
|||
May match empty string
|
||||
Subject length lower bound = 0
|
||||
|
||||
# Test minlength capped at 65535
|
||||
|
||||
/(A{65000})\1{65000}/I
|
||||
Capturing subpattern count = 1
|
||||
Max back reference = 1
|
||||
First code unit = 'A'
|
||||
Last code unit = 'A'
|
||||
Subject length lower bound = 65535
|
||||
|
||||
# End of testinput2
|
||||
|
|
Loading…
Reference in New Issue