walkero
/
pcre2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fix 32-bit error buffer size bug in pcre2test (Bugzilla 2079).

This commit is contained in:
Philip.Hazel 2017-03-21 17:46:21 +00:00
parent 338a37e9e0
commit cde5f12cee
6 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -76,6 +76,10 @@ or deserialization (the "load" or "save" commands).
12. Fix potential NULL dereference in pcre2_callout_enumerate() if called with
a NULL pattern pointer when Unicode support is available.
13. When the 32-bit library was being tested by pcre2test, error messages that
were longer than 64 code units could cause a buffer overflow. This was a bug in
pcre2test.
Version 10.23 14-February-2017
------------------------------

10
doc/pcre2api.3
View File

@ -1,4 +1,4 @@
.TH PCRE2API 3 "24 December 2016" "PCRE2 10.23"
.TH PCRE2API 3 "21 March 2017" "PCRE2 10.30"
.SH NAME
PCRE2 - Perl-compatible regular expressions (revised API)
.sp
@ -2633,8 +2633,8 @@ The internal recursion limit was reached.
A text message for an error code from any PCRE2 function (compile, match, or
auxiliary) can be obtained by calling \fBpcre2_get_error_message()\fP. The code
is passed as the first argument, with the remaining two arguments specifying a
code unit buffer and its length, into which the text message is placed. Note
that the message is returned in code units of the appropriate width for the
code unit buffer and its length in code units, into which the text message is
placed. The message is returned in code units of the appropriate width for the
library that is being used.
.P
The returned message is terminated with a trailing zero, and the function
@ -3321,6 +3321,6 @@ Cambridge, England.
.rs
.sp
.nf
Last updated: 23 December 2016
Copyright (c) 1997-2016 University of Cambridge.
Last updated: 21 March 2017
Copyright (c) 1997-2017 University of Cambridge.
.fi

2
src/pcre2_error.c
View File

@ -271,7 +271,7 @@ distinct.
Arguments:
enumber error number
buffer where to put the message (zero terminated)
size size of the buffer
size size of the buffer in code units
Returns: length of message if all is well
negative on error

7
src/pcre2test.c
View File

@ -2889,7 +2889,7 @@ if (pbuffer32_size < 4*len + 4)
{
if (pbuffer32 != NULL) free(pbuffer32);
pbuffer32_size = 4*len + 4;
if (pbuffer32_size < 256) pbuffer32_size = 256;
if (pbuffer32_size < 512) pbuffer32_size = 512;
pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
if (pbuffer32 == NULL)
{
@ -7600,7 +7600,8 @@ if (arg_error != NULL)
int errcode;
char *endptr;
/* Ensure the relevant non-8-bit buffer is available. */
/* Ensure the relevant non-8-bit buffer is available. Ensure that it is at
least 128 code units, because it is used for retrieving error messages. */
#ifdef SUPPORT_PCRE2_16
if (test_mode == PCRE16_MODE)
@ -7620,7 +7621,7 @@ if (arg_error != NULL)
#ifdef SUPPORT_PCRE2_32
if (test_mode == PCRE32_MODE)
{
pbuffer32_size = 256;
pbuffer32_size = 512;
pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
if (pbuffer32 == NULL)
{

2
testdata/testinput2 vendored
View File

@ -5017,4 +5017,6 @@ a)"xI
/(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
/\g{3/
# End of testinput2

3
testdata/testoutput2 vendored
View File

@ -15570,6 +15570,9 @@ No match
/(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
/\g{3/
Failed: error 157 at offset 2: \g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
# End of testinput2
Error -63: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data