summaryrefslogtreecommitdiff
path: root/pcre_compile.c
diff options
context:
space:
mode:
authorph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-05-15 17:17:03 +0000
committerph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-05-15 17:17:03 +0000
commit4b79af6b4cbeb5326ae5e4d83f3e935e00286c19 (patch)
tree2af0774e6b0a60d89c2495f414fb681954ea39cc /pcre_compile.c
parent67286d4e31be9cdeef981955efbdf6ec9da53f42 (diff)
downloadpcre-4b79af6b4cbeb5326ae5e4d83f3e935e00286c19.tar.gz
Fix buffer overflow for named recursive back reference when the name is
duplicated. git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1558 2f5784b3-3f2a-0410-8824-cb99058d5e15
Diffstat (limited to 'pcre_compile.c')
-rw-r--r--pcre_compile.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/pcre_compile.c b/pcre_compile.c
index 164584b..fd413ac 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7177,14 +7177,26 @@ for (;; ptr++)
number. If the name is not found, set the value to 0 for a forward
reference. */
+ recno = 0;
ng = cd->named_groups;
for (i = 0; i < cd->names_found; i++, ng++)
{
if (namelen == ng->length &&
STRNCMP_UC_UC(name, ng->name, namelen) == 0)
- break;
+ {
+ open_capitem *oc;
+ recno = ng->number;
+ if (is_recurse) break;
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+ {
+ if (oc->number == recno)
+ {
+ oc->flag = TRUE;
+ break;
+ }
+ }
+ }
}
- recno = (i < cd->names_found)? ng->number : 0;
/* Count named back references. */
View Lorry Controller Status