ap_regex: Follow up to r1897244: Fix pmatch overflow and returned value at limits.

Don't write to pmatch[nlimit:] when ncaps > nlimit, rc should not exceed nmatch
either as before r1897244.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897248 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/server/util_pcre.c b/server/util_pcre.c
index 9bfa4791d8a3e7f361d8227120a5916785787edd..0233d161d6c24bb19ea619c63f99445f347eff23 100644 (file)
--- a/server/util_pcre.c
+++ b/server/util_pcre.c
@@ -428,10 +428,8 @@ AP_DECLARE(int) ap_regexec_len(const ap_regex_t *preg, const char *buff,
 
     if (rc >= 0) {
         apr_size_t n = rc, i;
-        if (rc == 0)
-            rc = ncaps; /* All captured slots were filled in */
-        else if (n > nmatch)
-            n = nmatch;
+        if (n == 0 || n > nmatch)
+            rc = n = nmatch; /* All capture slots were filled in */
         for (i = 0; i < n; i++) {
             pmatch[i].rm_so = ovector[i * 2];
             pmatch[i].rm_eo = ovector[i * 2 + 1];