Check for integer overflow in subroutine calls.
This commit is contained in:
parent
4c0414c813
commit
ff4553df08
|
@ -146,6 +146,8 @@ code for handling forward references was contorted and led to several errors in
|
|||
computing the memory requirements for some patterns, leading to buffer
|
||||
overflows.
|
||||
|
||||
37. There was no check for integer overflow in subroutine calls such as (?123).
|
||||
|
||||
|
||||
Version 10.10 06-March-2015
|
||||
---------------------------
|
||||
|
|
|
@ -6484,7 +6484,15 @@ for (;; ptr++)
|
|||
|
||||
recno = 0;
|
||||
while (IS_DIGIT(*ptr))
|
||||
{
|
||||
if (recno > INT_MAX / 10 - 1) /* Integer overflow */
|
||||
{
|
||||
while (IS_DIGIT(*ptr)) ptr++;
|
||||
*errorcodeptr = ERR61;
|
||||
goto FAILED;
|
||||
}
|
||||
recno = recno * 10 + *ptr++ - CHAR_0;
|
||||
}
|
||||
|
||||
if (*ptr != (PCRE2_UCHAR)terminator)
|
||||
{
|
||||
|
|
|
@ -4323,4 +4323,6 @@ a random value. /Ix
|
|||
|
||||
"(?J:(?|(?'R')(\k'R')|((?'R'))))"
|
||||
|
||||
/(?<=|(\,\$(?73591620449005828816)\xa8.{7}){6}\x09)/
|
||||
|
||||
# End of testinput2
|
||||
|
|
|
@ -14449,4 +14449,7 @@ Failed: error 162 at offset 4: subpattern name expected
|
|||
|
||||
"(?J:(?|(?'R')(\k'R')|((?'R'))))"
|
||||
|
||||
/(?<=|(\,\$(?73591620449005828816)\xa8.{7}){6}\x09)/
|
||||
Failed: error 161 at offset 32: number is too big
|
||||
|
||||
# End of testinput2
|
||||
|
|
Loading…
Reference in New Issue