authorph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-06-03 16:51:59 +0000
committerph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2015-06-03 16:51:59 +0000
commit225f0d5eb16c7a26591a1e3f286c7476907b5a6a (patch)
tree67d1bc1e89218d81bcc1036b112e7a2cd5c35652 /pcre_compile.c
parent2307c36e32ee1867272789290e53070b70f01613 (diff)
Fix another buffer overflow.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1562 2f5784b3-3f2a-0410-8824-cb99058d5e15
Diffstat (limited to 'pcre_compile.c')
-rw-r--r--pcre_compile.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/pcre_compile.c b/pcre_compile.c
index 6974356..4bec590 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7214,7 +7214,12 @@ for (;; ptr++)
real compile this will be picked up and the reference wrapped with
OP_ONCE to make it atomic, so we must space in case this occurs. */
- if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
+ /* In fact, this can happen for a non-forward reference because
+ another group with the same number might be created later. This
+ issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
+ only mode, we finesse the bug by allowing more memory always. */
+
+ /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
}
/* In the real compile, search the name table. We check the name
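Review bot: The new line `/* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;` keeps the old guard as an inline comment in front of live code, which reads like a temporarily disabled check and invites a later cleanup to restore it. Since the added comment already explains why the reservation must be unconditional, I would drop the commented-out condition and write just `*lengthptr += 2 + 2*LINK_SIZE;`. The older comment above it still presents the forward-reference case as the trigger, so a sentence stating the rule would help, for example `/* The length computed in this pass has to cover the OP_ONCE wrap whenever it can occur, so reserve the space unconditionally. */`. Because the fix works by over-estimating rather than by detecting the case, a regression test for the situation the comment describes (a non-forward reference whose group number is reused by a later group) would guard against the condition being reintroduced. Whether the real compile checks the emitted size against this estimate before writing is not visible here, as the enclosing `for (;; ptr++)` body starts and ends outside the hunk.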