author | zherczeg <zherczeg@6239d852-aaf2-0410-a92c-79f79f948069> | 2018-09-18 10:19:14 +0000 |
---|---|---|
committer | zherczeg <zherczeg@6239d852-aaf2-0410-a92c-79f79f948069> | 2018-09-18 10:19:14 +0000 |
commit | 7631cfc720ba913fe3ffa1f23fb747d91d1d7d48 (patch) | |
tree | b1950c28db5a59f1b1f37d7e3f4f9ca87e47f51e | |
parent | 381097419bef99006f022588dc299311f6378c5a (diff) | |
Fix subject buffer overread in JIT. Found by Yunho Kim.
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1011 6239d852-aaf2-0410-a92c-79f79f948069
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | src/pcre2_jit_compile.c | 2 | ||||
-rw-r--r-- | src/pcre2_jit_test.c | 4 |
3 files changed, 8 insertions, 1 deletions
@@ -9,6 +9,9 @@ Version 10.33-RC1 15-September-2018
 ovector that shouldn't be changed, in particular after substitute and failed or partial matches.
+2. Fix subject buffer overread in JIT when UTF is disabled and \X or \R has
+a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
+
 Version 10.32 10-September-2018
 -------------------------------
diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
index dc8cb93..c1d9a44 100644
--- a/src/pcre2_jit_compile.c
+++ b/src/pcre2_jit_compile.c
@@ -11268,7 +11268,7 @@ if (exact > 1)
 #ifdef SUPPORT_UNICODE
 && !common->utf
 #endif
- )
+ && type != OP_ANYNL && type != OP_EXTUNI)
 {
 OP2(SLJIT_ADD, TMP1, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(exact));
 add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_GREATER, TMP1, 0, STR_END, 0));
diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c
index d927a36..d5f4a96 100644
--- a/src/pcre2_jit_test.c
+++ b/src/pcre2_jit_test.c
@@ -1948,6 +1948,10 @@ static struct invalid_utf8_regression_test_case invalid_utf8_regression_test_cas
 { PCRE2_UTF, CI, 0, 0, 0, 4, 8, { "#\xc7\x85#", NULL }, "\x80\x80#\xc7#\xc7\x85#" },
 { PCRE2_UTF, CI, 0, 0, 0, 7, 11, { "#\xc7\x85#", NULL }, "\x80\x80#\xc7\x80\x80\x80#\xc7\x85#" },
+/* These two are not invalid UTF tests, but this infrastructure fits better for them. */
+{ 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\X{2}", NULL }, "\r\n\n" },
+{ 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\R{2}", NULL }, "\r\n\n" },
+
 { 0, 0, 0, 0, 0, 0, 0, { NULL, NULL }, NULL }
 };
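Review bot: The new exclusion `&& type != OP_ANYNL && type != OP_EXTUNI)` carries no comment, so the next reader of this condition cannot tell why \R and \X are kept off the fast path while every other opcode with `exact > 1` takes the single `CMP(SLJIT_GREATER, TMP1, 0, STR_END, 0)` check. From the ChangeLog entry in this same commit the reason appears to be that these two opcodes can consume more than one code unit per repetition in non-UTF mode (\R matches \r\n as a unit), so `STR_PTR + IN_UCHARS(exact)` does not bound what their per-repetition code reads; that is exactly the kind of invariant that gets re-broken by a later "optimisation". I would record it directly above the condition: `/* OP_ANYNL and OP_EXTUNI may consume more than one code unit per repetition (e.g. \r\n), so the exact-count STR_END check below does not bound their reads. */`. The `if (exact > 1` statement opens in the hunk header and its body continues past the end of the hunk.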
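Review bot: The added rows say only that they are not invalid-UTF tests, not what they actually exercise; a positional initializer such as `{ 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\X{2}", NULL }, "\r\n\n" }` gives a reader no hint that the `{2}` quantifier on \X and \R without PCRE2_UTF is the trigger for the subject overread fixed in src/pcre2_jit_compile.c in this commit, nor what the `1, -1, -1` fields encode. I would extend the comment to tie the rows to the fix: `/* Regression tests for the non-UTF subject buffer overread with \X{2} and \R{2} (see the OP_ANYNL/OP_EXTUNI exclusion in pcre2_jit_compile.c); the subject is chosen so the second repetition starts at the last code unit. */`, hedging the last clause if the expected-result columns mean something else. The table `invalid_utf8_regression_test_cases` begins before the hunk, so its field layout is not visible here.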