Fix read overflow for invalid VERSION test with one fractional digit at the end

of a pattern. Fixes ClusterFuzz 23779. git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1266 6239d852-aaf2-0410-a92c-79f79f948069
author: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069> 2020-06-29 15:35:49 +0000
committer: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069> 2020-06-29 15:35:49 +0000
commit: 4089a9d71445fbe48ce41dd5cb595dba88c18a26 (patch)
tree: 79853fb1119b2b1ef67e63b4052e461c255e68e8 /src/pcre2_compile.c
parent: f2b7cd8e64acbd7298eb0e315cdee043446e00f6 (diff)
download: pcre2-4089a9d71445fbe48ce41dd5cb595dba88c18a26.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
index 136d583..e811f12 100644
--- a/src/pcre2_compile.c
+++ b/src/pcre2_compile.c
@@ -4331,6 +4331,7 @@ while (ptr < ptrend)
           {
           if (++ptr >= ptrend || !IS_DIGIT(*ptr)) goto BAD_VERSION_CONDITION;
           minor = (*ptr++ - CHAR_0) * 10;
+          if (ptr >= ptrend) goto BAD_VERSION_CONDITION;
           if (IS_DIGIT(*ptr)) minor += *ptr++ - CHAR_0;
           if (ptr >= ptrend || *ptr != CHAR_RIGHT_PARENTHESIS)
             goto BAD_VERSION_CONDITION;
author	ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>	2020-06-29 15:35:49 +0000
committer	ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>	2020-06-29 15:35:49 +0000
commit	4089a9d71445fbe48ce41dd5cb595dba88c18a26 (patch)
tree	79853fb1119b2b1ef67e63b4052e461c255e68e8 /src/pcre2_compile.c
parent	f2b7cd8e64acbd7298eb0e315cdee043446e00f6 (diff)
download	pcre2-4089a9d71445fbe48ce41dd5cb595dba88c18a26.tar.gz