summaryrefslogtreecommitdiff
path: root/pcre_compile.c
diff options
context:
space:
mode:
authorph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-05-16 11:05:40 +0000
committerph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-05-16 11:05:40 +0000
commit2fa78aa4e42bcebf2d616c4ee89c012f29dc3447 (patch)
treea45abf928ba1e6f2aef5fbe82c8725b98d3eb97b /pcre_compile.c
parent4b79af6b4cbeb5326ae5e4d83f3e935e00286c19 (diff)
downloadpcre-2fa78aa4e42bcebf2d616c4ee89c012f29dc3447.tar.gz
Fix named forward reference to duplicate group number overflow bug.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1559 2f5784b3-3f2a-0410-8824-cb99058d5e15
Diffstat (limited to 'pcre_compile.c')
-rw-r--r--pcre_compile.c26
1 files changed, 17 insertions, 9 deletions
diff --git a/pcre_compile.c b/pcre_compile.c
index fd413ac..245a311 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7187,15 +7187,15 @@ for (;; ptr++)
open_capitem *oc;
recno = ng->number;
if (is_recurse) break;
- for (oc = cd->open_caps; oc != NULL; oc = oc->next)
- {
- if (oc->number == recno)
- {
- oc->flag = TRUE;
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+ {
+ if (oc->number == recno)
+ {
+ oc->flag = TRUE;
break;
- }
- }
- }
+ }
+ }
+ }
}
/* Count named back references. */
@@ -7207,6 +7207,14 @@ for (;; ptr++)
16-bit data item. */
*lengthptr += IMM2_SIZE;
+
+ /* If this is a forward reference and we are within a (?|...) group,
+ the reference may end up as the number of a group which we are
+ currently inside, that is, it could be a recursive reference. In the
+ real compile this will be picked up and the reference wrapped with
+ OP_ONCE to make it atomic, so we must space in case this occurs. */
+
+ if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
}
/* In the real compile, search the name table. We check the name
@@ -7579,7 +7587,7 @@ for (;; ptr++)
previous = NULL;
cd->iscondassert = FALSE;
}
- else
+ else
{
previous = code;
item_hwm_offset = cd->hwm - cd->start_workspace;
View Lorry Controller Status