diff options
author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2017-03-27 16:00:16 +0000 |
---|---|---|
committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2017-03-27 16:00:16 +0000 |
commit | b2f1496a36e68565421bd21485605d6af2a5819f (patch) | |
tree | 9cb03e2ec41830daa281c52b291d2c5e518e21ca | |
parent | f6f0dd9cdc9e4df83c6d1686dfc962ff82c2ee2b (diff) | |
download | pcre-b2f1496a36e68565421bd21485605d6af2a5819f.tar.gz |
Fix typo (leading to possible buffer overflow in pcre_copy_substring()) in
pcretest.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1691 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | pcretest.c | 4 |
2 files changed, 5 insertions, 2 deletions
@@ -37,6 +37,9 @@ maximum) caused a crash. 8. The alternative matching function, pcre_dfa_exec() misbehaved if it encountered a character class with a possessive repeat, for example [a-f]{3}+. +9. When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer +length incorrectly, which could result in buffer overflow. + Version 8.40 11-January-2017 ---------------------------- @@ -426,11 +426,11 @@ argument, the casting might be incorrectly applied. */ #define PCRE_COPY_NAMED_SUBSTRING32(rc, re, bptr, offsets, count, \ namesptr, cbuffer, size) \ rc = pcre32_copy_named_substring((pcre32 *)re, (PCRE_SPTR32)bptr, offsets, \ - count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/2) + count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/4) #define PCRE_COPY_SUBSTRING32(rc, bptr, offsets, count, i, cbuffer, size) \ rc = pcre32_copy_substring((PCRE_SPTR32)bptr, offsets, count, i, \ - (PCRE_UCHAR32 *)cbuffer, size/2) + (PCRE_UCHAR32 *)cbuffer, size/4) #define PCRE_DFA_EXEC32(count, re, extra, bptr, len, start_offset, options, \ offsets, size_offsets, workspace, size_workspace) \ |