diff options
author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-06-08 17:55:54 +0000 |
---|---|---|
committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-06-08 17:55:54 +0000 |
commit | 2de04da37bc9ec8f3ec74378839e5bfa7283ea1c (patch) | |
tree | 2b7610a840f8a592554e6885ecc07fad63d8c8ca /pcre_compile.c | |
parent | 225f0d5eb16c7a26591a1e3f286c7476907b5a6a (diff) | |
download | pcre-2de04da37bc9ec8f3ec74378839e5bfa7283ea1c.tar.gz |
Add integer overflow check to (?n) code.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1563 2f5784b3-3f2a-0410-8824-cb99058d5e15
Diffstat (limited to 'pcre_compile.c')
-rw-r--r-- | pcre_compile.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pcre_compile.c b/pcre_compile.c index 4bec590..09b0e38 100644 --- a/pcre_compile.c +++ b/pcre_compile.c @@ -7353,7 +7353,15 @@ for (;; ptr++) recno = 0; while(IS_DIGIT(*ptr)) + { + if (recno > INT_MAX / 10 - 1) /* Integer overflow */ + { + while (IS_DIGIT(*ptr)) ptr++; + *errorcodeptr = ERR61; + goto FAILED; + } recno = recno * 10 + *ptr++ - CHAR_0; + } if (*ptr != (pcre_uchar)terminator) { |