Make pcretest check size of \O argument.

git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1686 2f5784b3-3f2a-0410-8824-cb99058d5e15

2 files changed, 16 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 7055476..a226e21 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,7 +23,12 @@ following '+' or '?' (example: /X+(?#comment)?Y/.
 5.  Avoid use of a potentially overflowing buffer in pcregrep (patch by Petr 
 Pisar).
 
-6. Check for values < 256 when calling isprint() in pcretest.
+6.  Fuzzers have reported issues in pcretest. These are NOT serious (it is, 
+after all, just a test program). However, to stop the reports, some easy ones 
+are fixed:
+
+    (a) Check for values < 256 when calling isprint() in pcretest.
+    (b) Give an error for too big a number after \O. 
 
 
 Version 8.40 11-January-2017
diff --git a/pcretest.c b/pcretest.c
index 797f99c..0a153be 100644
--- a/pcretest.c
+++ b/pcretest.c
@@ -4834,7 +4834,16 @@ while (!done)
         continue;
 
         case 'O':
-        while(isdigit(*p)) n = n * 10 + *p++ - '0';
+        while(isdigit(*p)) 
+          {
+          if (n > (INT_MAX-10)/10)   /* Hack to stop fuzzers */
+            {
+            printf("** \\O argument is too big\n");
+            yield = 1;
+            goto EXIT;   
+            }  
+          n = n * 10 + *p++ - '0';
+          } 
         if (n > size_offsets_max)
           {
           size_offsets_max = n;