src/patches/pcre-4.5-CAN-2005-2491.patch

   1 --- pcre-4.5/pcre.c.tn  2003-12-10 17:45:44.000000000 +0100
   2 +++ pcre-4.5/pcre.c     2005-08-19 15:11:17.000000000 +0200
   3 @@ -1047,7 +1047,18 @@
   4  int min = 0;
   5  int max = -1;
   6
   7 +/* Read the minimum value and do a paranoid check: a negative value indicates
   8 +an integer overflow. */
   9 +
  10  while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
  11 +if (min < 0 || min > 65535)
  12 +  {
  13 +  *errorptr = ERR5;
  14 +  return p;
  15 +  }
  16 +
  17 +/* Read the maximum value if there is one, and again do a paranoid on its size.
  18 +Also, max must not be less than min. */
  19
  20  if (*p == '}') max = min; else
  21    {
  22 @@ -1055,6 +1066,11 @@
  23      {
  24      max = 0;
  25      while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
  26 +    if (max < 0 || max > 65535)
  27 +      {
  28 +      *errorptr = ERR5;
  29 +      return p;
  30 +      }
  31      if (max < min)
  32        {
  33        *errorptr = ERR4;
  34 @@ -1063,16 +1079,11 @@
  35      }
  36    }
  37
  38 -/* Do paranoid checks, then fill in the required variables, and pass back the
  39 -pointer to the terminating '}'. */
  40 +/* Fill in the required variables, and pass back the pointer to the terminating
  41 +'}'. */
  42
  43 -if (min > 65535 || max > 65535)
  44 -  *errorptr = ERR5;
  45 -else
  46 -  {
  47 -  *minp = min;
  48 -  *maxp = max;
  49 -  }
  50 +*minp = min;
  51 +*maxp = max;
  52  return p;
  53  }
  54