diff options
| author | Yusuke Endoh <mame@ruby-lang.org> | 2022-10-25 15:45:40 +0900 |
|---|---|---|
| committer | Yusuke Endoh <mame@ruby-lang.org> | 2022-10-25 17:02:43 +0900 |
| commit | 1d2d25dcadda0764f303183ac091d0c87b432566 (patch) | |
| tree | b9e42a7d3aa1b036b646883825d7a6e26fbe8a5c /regparse.c | |
| parent | 114e71d06280f9c57b9859ee4405ae89a989ddb6 (diff) | |
| download | ruby-1d2d25dcadda0764f303183ac091d0c87b432566.tar.gz | |
Prevent potential buffer overrun in onigmo
A code pattern `p + enclen(enc, p, pend)` may lead to a buffer overrun
if incomplete bytes of a UTF-8 character is placed at the end of a
string. Because this pattern is used in several places in onigmo,
this change fixes the issue in the side of `enclen`: the function should
not return a number that is larger than `pend - p`.
Co-Authored-By: Nobuyoshi Nakada <nobu@ruby-lang.org>
Diffstat (limited to 'regparse.c')
| -rw-r--r-- | regparse.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/regparse.c b/regparse.c index 513e0a8c7a..4ebd5f1c46 100644 --- a/regparse.c +++ b/regparse.c @@ -3799,7 +3799,6 @@ fetch_token(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env) } else { /* string */ p = tok->backp + enclen(enc, tok->backp, end); - if (p > end) return ONIGERR_END_PATTERN_AT_ESCAPE; } } break; |