1 From f6efcf125123199d446c5561266c3c3846ed9f30 Mon Sep 17 00:00:00 2001
2 From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
3 Date: Wed, 3 Jun 2015 16:51:59 +0000
4 Subject: [PATCH] Fix another buffer overflow.
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 Ported to 8.37:
10
11 commit 225f0d5eb16c7a26591a1e3f286c7476907b5a6a
12 Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
13 Date: Wed Jun 3 16:51:59 2015 +0000
14
15 Fix another buffer overflow.
16
17 git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1562 2f5784b3-3f2a-0410-8824-cb99058d5e15
18
19 Signed-off-by: Petr Písař <ppisar@redhat.com>
20 ---
21 pcre_compile.c | 7 ++++++-
22 testdata/testinput2 | 2 ++
23 testdata/testoutput11-16 | 2 +-
24 testdata/testoutput11-32 | 2 +-
25 testdata/testoutput11-8 | 2 +-
26 testdata/testoutput2 | 2 ++
27 6 files changed, 13 insertions(+), 4 deletions(-)
28
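--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7210,7 +7210,12 @@ for (;; ptr++)
 real compile this will be picked up and the reference wrapped with
 OP_ONCE to make it atomic, so we must space in case this occurs. */
 
- if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
+ /* In fact, this can happen for a non-forward reference because
+ another group with the same number might be created later. This
+ issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
+ only mode, we finesse the bug by allowing more memory always. */
+
+ /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
 }
 
 /* In the real compile, search the name table. We check the name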
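Review bot: The old guard is left as a commented-out fragment on the live statement, `/* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;`, which is easy to misread as still conditional in code whose job is to size the compile buffer. I would drop the fragment and write `*lengthptr += 2 + 2*LINK_SIZE;`, extending the new comment with one sentence such as `/* Reserved unconditionally: the pre-compile length estimate must never be smaller than what the real compile emits. */`. The unchanged comment just above appears to describe only the forward-reference case and should be reworded to match. The enclosing block begins before the hunk, so whether other paths in it add to `*lengthptr` under a similar condition cannot be checked from here. The regression pattern added to testdata/testinput2 has no expected match output, so it presumably catches a recurrence only when the suite runs under a memory checker such as valgrind or ASan.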
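--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4156,4 +4156,6 @@ backtracking verbs. --/
 
 /(?=di(?<=(?1))|(?=(.))))/
 
+"(?J:(?|(?'R')(\k'R')|((?'R'))))"
+
 /-- End of testinput2 --/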
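--- a/testdata/testoutput11-16
+++ b/testdata/testoutput11-16
@@ -231,7 +231,7 @@ Memory allocation (code space): 73
 ------------------------------------------------------------------
 
 /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
-Memory allocation (code space): 61
+Memory allocation (code space): 77
 ------------------------------------------------------------------
 0 24 Bra
 2 5 CBra 1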
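--- a/testdata/testoutput11-32
+++ b/testdata/testoutput11-32
@@ -231,7 +231,7 @@ Memory allocation (code space): 155
 ------------------------------------------------------------------
 
 /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
-Memory allocation (code space): 125
+Memory allocation (code space): 157
 ------------------------------------------------------------------
 0 24 Bra
 2 5 CBra 1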
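--- a/testdata/testoutput11-8
+++ b/testdata/testoutput11-8
@@ -231,7 +231,7 @@ Memory allocation (code space): 45
 ------------------------------------------------------------------
 
 /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
-Memory allocation (code space): 38
+Memory allocation (code space): 50
 ------------------------------------------------------------------
 0 30 Bra
 3 7 CBra 1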
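--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14428,4 +14428,6 @@ Failed: lookbehind assertion is not fixed length at offset 17
 /(?=di(?<=(?1))|(?=(.))))/
 Failed: unmatched parentheses at offset 23
 
+"(?J:(?|(?'R')(\k'R')|((?'R'))))"
+
 /-- End of testinput2 --/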
108 --
109 2.4.3
110