From aae44b83f89d2c9c87804a5f19846298492bfddd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20Herczeg?= <hzmester@freemail.hu>
Date: Mon, 9 Sep 2019 07:12:00 +0000
Subject: [PATCH] Add underflow check in JIT.

---
 ChangeLog               | 3 +++
 src/pcre2_jit_compile.c | 8 ++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 62cd860..948c147 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -146,6 +146,9 @@ compile-time performance improvement).
 31. Installed a .gitignore file on a user's suggestion. When using the svn
 repository with git (through git svn) this helps keep it tidy.
 
+32. Add underflow check in JIT which may occure when the value of subject
+string pointer is close to 0.
+
 
 Version 10.33 16-April-2019
 ---------------------------
diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
index 8cbd8f9..79a27fd 100644
--- a/src/pcre2_jit_compile.c
+++ b/src/pcre2_jit_compile.c
@@ -5793,12 +5793,16 @@ if (common->match_end_ptr != 0)
   {
   OP1(SLJIT_MOV, TMP1, 0, SLJIT_MEM1(SLJIT_SP), common->match_end_ptr);
   OP1(SLJIT_MOV, TMP3, 0, STR_END, 0);
-  OP2(SLJIT_SUB, STR_END, 0, STR_END, 0, SLJIT_IMM, IN_UCHARS(max));
+  OP2(SLJIT_SUB | SLJIT_SET_LESS, STR_END, 0, STR_END, 0, SLJIT_IMM, IN_UCHARS(max));
+  add_jump(compiler, &common->failed_match, JUMP(SLJIT_LESS));
   OP2(SLJIT_SUB | SLJIT_SET_GREATER, SLJIT_UNUSED, 0, STR_END, 0, TMP1, 0);
   CMOV(SLJIT_GREATER, STR_END, TMP1, 0);
   }
 else
-  OP2(SLJIT_SUB, STR_END, 0, STR_END, 0, SLJIT_IMM, IN_UCHARS(max));
+  {
+  OP2(SLJIT_SUB | SLJIT_SET_LESS, STR_END, 0, STR_END, 0, SLJIT_IMM, IN_UCHARS(max));
+  add_jump(compiler, &common->failed_match, JUMP(SLJIT_LESS));
+  }
 
 SLJIT_ASSERT(range_right >= 0);