From be692806851f4883b87fc814adc80ab1bb46455e Mon Sep 17 00:00:00 2001 From: zherczeg Date: Sat, 26 Jan 2013 17:51:43 +0000 Subject: [PATCH] Fix two buffer over read issues in 16 and 32 bit modes. Affects JIT only. git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1242 2f5784b3-3f2a-0410-8824-cb99058d5e15 Petr Pisar: Ported to 8.32. diff --git a/pcre_jit_compile.c b/pcre_jit_compile.c index 3b83340..7dfe558 100644 --- a/pcre_jit_compile.c +++ b/pcre_jit_compile.c @@ -2696,10 +2696,10 @@ if (firstline) { SLJIT_ASSERT(common->first_line_end != 0); OP1(SLJIT_MOV, TMP3, 0, STR_END, 0); - OP2(SLJIT_SUB, STR_END, 0, SLJIT_MEM1(SLJIT_LOCALS_REG), common->first_line_end, SLJIT_IMM, (location >> 1) - 1); + OP2(SLJIT_SUB, STR_END, 0, SLJIT_MEM1(SLJIT_LOCALS_REG), common->first_line_end, SLJIT_IMM, IN_UCHARS((location >> 1) - 1)); } else - OP2(SLJIT_SUB, STR_END, 0, STR_END, 0, SLJIT_IMM, (location >> 1) - 1); + OP2(SLJIT_SUB, STR_END, 0, STR_END, 0, SLJIT_IMM, IN_UCHARS((location >> 1) - 1)); start = LABEL(); quit = CMP(SLJIT_C_GREATER_EQUAL, STR_PTR, 0, STR_END, 0); @@ -2728,7 +2728,7 @@ JUMPHERE(quit); if (firstline) OP1(SLJIT_MOV, STR_END, 0, TMP3, 0); else - OP2(SLJIT_ADD, STR_END, 0, STR_END, 0, SLJIT_IMM, (location >> 1) - 1); + OP2(SLJIT_ADD, STR_END, 0, STR_END, 0, SLJIT_IMM, IN_UCHARS((location >> 1) - 1)); return TRUE; } @@ -3577,7 +3577,7 @@ do #endif context->length -= IN_UCHARS(1); -#if defined SLJIT_UNALIGNED && SLJIT_UNALIGNED +#if (defined SLJIT_UNALIGNED && SLJIT_UNALIGNED) && (defined COMPILE_PCRE8 || defined COMPILE_PCRE16) /* Unaligned read is supported. */ if (othercasebit != 0 && othercasechar == cc) @@ -3594,27 +3594,18 @@ do #if defined COMPILE_PCRE8 if (context->ucharptr >= 4 || context->length == 0 || (context->ucharptr == 2 && context->length == 1)) -#elif defined COMPILE_PCRE16 +#else if (context->ucharptr >= 2 || context->length == 0) -#elif defined COMPILE_PCRE32 - if (1 /* context->ucharptr >= 1 || context->length == 0 */) #endif { -#if defined COMPILE_PCRE8 || defined COMPILE_PCRE16 if (context->length >= 4) OP1(SLJIT_MOV_SI, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length); -#if defined COMPILE_PCRE8 else if (context->length >= 2) OP1(SLJIT_MOV_UH, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length); +#if defined COMPILE_PCRE8 else if (context->length >= 1) OP1(SLJIT_MOV_UB, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length); -#elif defined COMPILE_PCRE16 - else if (context->length >= 2) - OP1(SLJIT_MOV_UH, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length); -#endif /* COMPILE_PCRE[8|16] */ -#elif defined COMPILE_PCRE32 - OP1(MOV_UCHAR, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length); -#endif /* COMPILE_PCRE[8|16|32] */ +#endif /* COMPILE_PCRE8 */ context->sourcereg = context->sourcereg == TMP1 ? TMP2 : TMP1; switch(context->ucharptr) @@ -3625,7 +3616,6 @@ do add_jump(compiler, backtracks, CMP(SLJIT_C_NOT_EQUAL, context->sourcereg, 0, SLJIT_IMM, context->c.asint | context->oc.asint)); break; -#if defined COMPILE_PCRE8 || defined COMPILE_PCRE16 case 2 / sizeof(pcre_uchar): if (context->oc.asushort != 0) OP2(SLJIT_OR, context->sourcereg, 0, context->sourcereg, 0, SLJIT_IMM, context->oc.asushort); @@ -3640,8 +3630,6 @@ do break; #endif -#endif /* COMPILE_PCRE[8|16] */ - default: SLJIT_ASSERT_STOP(); break; @@ -3651,8 +3639,8 @@ do #else - /* Unaligned read is unsupported. */ - if (context->length > 0) + /* Unaligned read is unsupported or in 32 bit mode. */ + if (context->length >= 1) OP1(MOV_UCHAR, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length); context->sourcereg = context->sourcereg == TMP1 ? TMP2 : TMP1; -- 1.8.1