Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | --- pcre-4.5/pcre.c.tn 2003-12-10 17:45:44.000000000 +0100 |
2 | +++ pcre-4.5/pcre.c 2005-08-19 15:11:17.000000000 +0200 | |
3 | @@ -1047,7 +1047,18 @@ | |
4 | int min = 0; | |
5 | int max = -1; | |
6 | ||
7 | +/* Read the minimum value and do a paranoid check: a negative value indicates | |
8 | +an integer overflow. */ | |
9 | + | |
10 | while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; | |
11 | +if (min < 0 || min > 65535) | |
12 | + { | |
13 | + *errorptr = ERR5; | |
14 | + return p; | |
15 | + } | |
16 | + | |
17 | +/* Read the maximum value if there is one, and again do a paranoid on its size. | |
18 | +Also, max must not be less than min. */ | |
19 | ||
20 | if (*p == '}') max = min; else | |
21 | { | |
22 | @@ -1055,6 +1066,11 @@ | |
23 | { | |
24 | max = 0; | |
25 | while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; | |
26 | + if (max < 0 || max > 65535) | |
27 | + { | |
28 | + *errorptr = ERR5; | |
29 | + return p; | |
30 | + } | |
31 | if (max < min) | |
32 | { | |
33 | *errorptr = ERR4; | |
34 | @@ -1063,16 +1079,11 @@ | |
35 | } | |
36 | } | |
37 | ||
38 | -/* Do paranoid checks, then fill in the required variables, and pass back the | |
39 | -pointer to the terminating '}'. */ | |
40 | +/* Fill in the required variables, and pass back the pointer to the terminating | |
41 | +'}'. */ | |
42 | ||
43 | -if (min > 65535 || max > 65535) | |
44 | - *errorptr = ERR5; | |
45 | -else | |
46 | - { | |
47 | - *minp = min; | |
48 | - *maxp = max; | |
49 | - } | |
50 | +*minp = min; | |
51 | +*maxp = max; | |
52 | return p; | |
53 | } | |
54 |