author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2010-03-09 16:50:47 +0000 |
---|---|---|
committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2010-03-09 16:50:47 +0000 |
commit | 250a3ddc63de137b12903959e6aba30a21674d51 (patch) | |
tree | f3351f6d2f2fb30342608bcab82730a8703e0640 | |
parent | 5783ade86fa125a2c886ad890c49d601797c90b6 (diff) | |
download | pcre-250a3ddc63de137b12903959e6aba30a21674d51.tar.gz |
Improve compile-time overrun checking.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@505 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | pcre_compile.c | 9 |
2 files changed, 12 insertions, 2 deletions
@@ -57,6 +57,11 @@ Version 8.02 01-Mar-2010
 second branch in the above example - was incorrectly given the compile- time error "recursive call could loop indefinitely" because pcre_compile() was not correctly checking the subroutine for matching a non-empty string.
+
+14. The checks for overrunning compiling workspace could trigger after an
+ overrun had occurred. This is a "should never occur" error, but it can be
+ triggered by pathological patterns such as hundreds of nested parentheses.
+ The checks now trigger 100 bytes before the end of the workspace.
 Version 8.01 19-Jan-2010
diff --git a/pcre_compile.c b/pcre_compile.c
index 1a62ccb..090a613 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -92,6 +92,11 @@ is 4 there is plenty of room. */
 #define COMPILE_WORK_SIZE (4096)
+/* The overrun tests check for a slightly smaller size so that they detect the
+overrun before it actually does run off the end of the data block. */
+
+#define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
+
 /* Table for handling escaped characters in the range '0'-'z'. Positive returns are simple data values; negative values are for special things like \d and so
@@ -2760,7 +2765,7 @@ for (;; ptr++)
 #ifdef PCRE_DEBUG
 if (code > cd->hwm) cd->hwm = code; /* High water info */
 #endif
- if (code > cd->start_workspace + COMPILE_WORK_SIZE) /* Check for overrun */
+ if (code > cd->start_workspace + WORK_SIZE_CHECK) /* Check for overrun */
 { *errorcodeptr = ERR52; goto FAILED;
@@ -2809,7 +2814,7 @@ for (;; ptr++)
 /* In the real compile phase, just check the workspace used by the forward reference list. */
- else if (cd->hwm > cd->start_workspace + COMPILE_WORK_SIZE)
+ else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK)
 { *errorcodeptr = ERR52; goto FAILED; |
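Review bot: The 100-byte margin in `WORK_SIZE_CHECK` is a bare constant, and the new comment does not say which invariant makes it sufficient. Both tests changed later in this diff (the `code >` test at -2760 and the `cd->hwm >` test at -2809) still run after the pointer has already advanced. The guard therefore holds only if nothing between two consecutive checks writes more than 100 bytes into the workspace, a bound that is not visible here and should be confirmed against the largest single emission. I would record it in the comment, for example `/* Invariant: no code path between two overrun checks may write more than 100 bytes; revisit this margin if that changes. */`, and give the margin its own named macro so the number appears once.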
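Review bot: No regression test accompanies the changed check `if (code > cd->start_workspace + WORK_SIZE_CHECK)`; the diffstat lists only ChangeLog and pcre_compile.c. The ChangeLog entry names deeply nested parentheses as the trigger, so a test-suite entry with such a pattern that expects the ERR52 compile error would stop the margin from regressing silently. The enclosing `for (;; ptr++)` loop starts and ends outside this hunk, so whether other writes in the loop body are separately bounded cannot be judged from here.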