walkero
/
pcre2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fix dodgy code for UTF-32 checking.

This commit is contained in:
Philip.Hazel 2015-11-01 16:54:17 +00:00
parent a0d04b9fa3
commit aaa23388c7
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -248,6 +248,10 @@ given.
71. In pcre2_substitute() there was the possibility of reading one code unit 71. In pcre2_substitute() there was the possibility of reading one code unit
beyond the end of the replacement string. beyond the end of the replacement string.
72. The code for checking a subject's UTF-32 validity for a pattern with a
lookbehind involved an out-of-bounds pointer, which could potentially cause
trouble in some environments.
Version 10.20 30-June-2015 Version 10.20 30-June-2015
-------------------------- --------------------------

12
src/pcre2_match.c
View File

@ -6566,9 +6566,15 @@ if (utf && (options & PCRE2_NO_UTF_CHECK) == 0)
#endif /* PCRE2_CODE_UNIT_WIDTH == 8 */ #endif /* PCRE2_CODE_UNIT_WIDTH == 8 */
check_subject--; check_subject--;
} }
#else /* In the 32-bit library, one code unit equals one character. */ #else
check_subject -= re->max_lookbehind; /* In the 32-bit library, one code unit equals one character. However,
if (check_subject < subject) check_subject = subject; we cannot just subtract the lookbehind and then compare pointers, because
a very large lookbehind could create an invalid pointer. */
if (start_offset >= re->max_lookbehind)
check_subject -= re->max_lookbehind;
else
check_subject = subject;
#endif /* PCRE2_CODE_UNIT_WIDTH != 32 */ #endif /* PCRE2_CODE_UNIT_WIDTH != 32 */
} }