diff options
author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-02-06 16:10:27 +0000 |
---|---|---|
committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-02-06 16:10:27 +0000 |
commit | da94ea30b05d1eb6bb763a51708e3e72cdbb4158 (patch) | |
tree | ceebae92e65d5b352c9aa6cf2c0208a9d779367d | |
parent | 2a19539e8399a874fdeea663fd8aa0267f0af3b5 (diff) | |
download | pcre-da94ea30b05d1eb6bb763a51708e3e72cdbb4158.tar.gz |
Catch auto-possessification potential loop for bad UTF pattern with
NO_UTF_CHECK.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1518 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | pcre_compile.c | 8 |
2 files changed, 12 insertions, 0 deletions
@@ -23,6 +23,10 @@ Version 8.37 xx-xxx-2015 5. Fixed a memory leak during matching that could occur for a subpattern subroutine call (recursive or otherwise) if the number of captured groups that had to be saved was greater than ten. + +6. Catch a bad opcode during auto-possessification after compiling a bad UTF + string with NO_UTF_CHECK. This is a tidyup, not a bug fix, as passing bad + UTF with NO_UTF_CHECK is documented as having an undefined outcome. Version 8.36 26-September-2014 diff --git a/pcre_compile.c b/pcre_compile.c index efc0b21..03f5e56 100644 --- a/pcre_compile.c +++ b/pcre_compile.c @@ -3610,6 +3610,14 @@ for (;;) { c = *code; + /* When a pattern with bad UTF-8 encoding is compiled with NO_UTF_CHECK, + it may compile without complaining, but may get into a loop here if the code + pointer points to a bad value. This is, of course a documentated possibility, + when NO_UTF_CHECK is set, so it isn't a bug, but we can detect this case and + just give up on this optimization. */ + + if (c >= OP_TABLE_LENGTH) return; + if (c >= OP_STAR && c <= OP_TYPEPOSUPTO) { c -= get_repeat_base(c) - OP_STAR; |