author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2017-02-23 16:24:08 +0000 |
---|---|---|
committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2017-02-23 16:24:08 +0000 |
commit | 312dd5d85714f73c247131b541405cf0bf24581b (patch) | |
tree | 6238469a46d60cfae6e2e25426fbfb729e0837ca | |
parent | 686660568dde71f9a7f8791cbb8a77702b3ea820 (diff) | |
download | pcre-312dd5d85714f73c247131b541405cf0bf24581b.tar.gz |
Make pcretest check size of \O argument.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1686 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | pcretest.c | 11 |
2 files changed, 16 insertions, 2 deletions
@@ -23,7 +23,12 @@ following '+' or '?' (example: /X+(?#comment)?Y/. 5. Avoid use of a potentially overflowing buffer in pcregrep (patch by Petr Pisar). -6. Check for values < 256 when calling isprint() in pcretest. +6. Fuzzers have reported issues in pcretest. These are NOT serious (it is, +after all, just a test program). However, to stop the reports, some easy ones +are fixed: + + (a) Check for values < 256 when calling isprint() in pcretest. + (b) Give an error for too big a number after \O. Version 8.40 11-January-2017 @@ -4834,7 +4834,16 @@ while (!done) continue; case 'O': - while(isdigit(*p)) n = n * 10 + *p++ - '0'; + while(isdigit(*p)) + { + if (n > (INT_MAX-10)/10) /* Hack to stop fuzzers */ + { + printf("** \\O argument is too big\n"); + yield = 1; + goto EXIT; + } + n = n * 10 + *p++ - '0'; + } if (n > size_offsets_max) { size_offsets_max = n; |
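Review bot: In the case 'O': loop in pcretest.c, the comment "Hack to stop fuzzers" on the test "if (n > (INT_MAX-10)/10)" does not say what the test protects against. It keeps "n = n * 10 + *p++ - '0'" from overflowing a signed int, and the comment should state that so the check is not later removed as cosmetic. The bound itself is safe: any n that passes gives n * 10 + 9 no larger than INT_MAX - 1. It is only an arithmetic guard, though. A value just under it still reaches "if (n > size_offsets_max)" and is stored in size_offsets_max, so if that value later sizes the offsets vector, checking against a practical maximum here would be the stronger fix. The hunk also uses INT_MAX without showing an include, so confirm that pcretest.c already pulls in <limits.h>.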