author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-06-03 16:51:59 +0000 |
---|---|---|
committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-06-03 16:51:59 +0000 |
commit | 225f0d5eb16c7a26591a1e3f286c7476907b5a6a (patch) | |
tree | 67d1bc1e89218d81bcc1036b112e7a2cd5c35652 /pcre_compile.c | |
parent | 2307c36e32ee1867272789290e53070b70f01613 (diff) | |
download | pcre-225f0d5eb16c7a26591a1e3f286c7476907b5a6a.tar.gz |
Fix another buffer overflow.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1562 2f5784b3-3f2a-0410-8824-cb99058d5e15
Diffstat (limited to 'pcre_compile.c')
-rw-r--r-- | pcre_compile.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/pcre_compile.c b/pcre_compile.c index 6974356..4bec590 100644 --- a/pcre_compile.c +++ b/pcre_compile.c @@ -7214,7 +7214,12 @@ for (;; ptr++) real compile this will be picked up and the reference wrapped with OP_ONCE to make it atomic, so we must space in case this occurs. */ - if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE; + /* In fact, this can happen for a non-forward reference because + another group with the same number might be created later. This + issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance + only mode, we finesse the bug by allowing more memory always. */ + + /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE; } /* In the real compile, search the name table. We check the name |
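Review bot: The new statement keeps the old test as an inline comment, `/* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;`, which reads like a live condition at a glance and hides the fact that the unconditional reservation is the overflow fix. I would drop the commented-out test and state the invariant instead, e.g. `/* Always reserve room for the OP_ONCE wrapper: the pre-compile length must never be smaller than what the real compile writes. */` followed by `*lengthptr += 2 + 2*LINK_SIZE;`. The fix relies on the sizing pass over-estimating, and the code that emits the wrapper in the real compile is outside this hunk, so whether that write has a bounds check of its own cannot be confirmed from here. The diffstat is limited to pcre_compile.c, so it is not visible whether a regression pattern for the "same group number created later" case was added; if not, one is worth adding. The enclosing `for (;; ptr++)` loop starts and ends outside the hunk.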