authorph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2017-03-27 16:00:16 +0000
committerph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2017-03-27 16:00:16 +0000
commitb2f1496a36e68565421bd21485605d6af2a5819f (patch)
tree9cb03e2ec41830daa281c52b291d2c5e518e21ca
parentf6f0dd9cdc9e4df83c6d1686dfc962ff82c2ee2b (diff)
Fix typo (leading to possible buffer overflow in pcre_copy_substring()) in
pcretest. git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1691 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r--ChangeLog3
-rw-r--r--pcretest.c4
2 files changed, 5 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index f308175..8d531bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,9 @@ maximum) caused a crash.
8. The alternative matching function, pcre_dfa_exec() misbehaved if it
encountered a character class with a possessive repeat, for example [a-f]{3}+.
+9. When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
+length incorrectly, which could result in buffer overflow.
+
Version 8.40 11-January-2017
----------------------------
diff --git a/pcretest.c b/pcretest.c
index 0a153be..26578e1 100644
--- a/pcretest.c
+++ b/pcretest.c
@@ -426,11 +426,11 @@ argument, the casting might be incorrectly applied. */
#define PCRE_COPY_NAMED_SUBSTRING32(rc, re, bptr, offsets, count, \
namesptr, cbuffer, size) \
rc = pcre32_copy_named_substring((pcre32 *)re, (PCRE_SPTR32)bptr, offsets, \
- count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/2)
+ count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/4)
#define PCRE_COPY_SUBSTRING32(rc, bptr, offsets, count, i, cbuffer, size) \
rc = pcre32_copy_substring((PCRE_SPTR32)bptr, offsets, count, i, \
- (PCRE_UCHAR32 *)cbuffer, size/2)
+ (PCRE_UCHAR32 *)cbuffer, size/4)
#define PCRE_DFA_EXEC32(count, re, extra, bptr, len, start_offset, options, \
offsets, size_offsets, workspace, size_workspace) \
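Review bot: The corrected `size/4` in PCRE_COPY_NAMED_SUBSTRING32 and PCRE_COPY_SUBSTRING32 is still a bare literal applied to an unparenthesized macro argument, so the element count passed to the pcre32 functions stays correct only while the code-unit width and every call site's argument shape are kept in step by hand. Deriving the count from the type, e.g. `(int)((size)/sizeof(PCRE_UCHAR32))`, ties it to the `(PCRE_UCHAR32 *)cbuffer` cast on the same line and stops an expression argument such as `a + b` from having only its last term divided. Because the old `size/2` overstated the buffer capacity by a factor of two, a short comment above each macro would help guard against a repeat, e.g. `/* size appears to be a byte count; the pcre32 functions take a count of 32-bit code units */`. The 8- and 16-bit counterparts are outside this hunk and presumably follow the same pattern, so they may merit the same treatment.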