From 3295b48defa0f8570114877b063fe546dd348b3c Mon Sep 17 00:00:00 2001

From: Karl Williamson <khw@cpan.org>

Date: Thu, 20 Feb 2020 17:49:36 +0000

Subject: [PATCH 2/2] regcomp: use long jumps if there is any possibility of

 overflow

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

(CVE-2020-10878) Be conservative for backporting, we'll aim to do

something more aggressive for bleadperl.

(cherry picked from commit 9d7759db46f3b31b1d3f79c44266b6ba42a47fc6)

Signed-off-by: Petr Písař <ppisar@redhat.com>

---

 regcomp.c | 7 +++++++

 1 file changed, 7 insertions(+)

diff --git a/regcomp.c b/regcomp.c

index 4ba2980db6..73c35a6702 100644

--- a/regcomp.c

+++ b/regcomp.c

@@ -7762,6 +7762,13 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,

         /* We have that number in RExC_npar */

         RExC_total_parens = RExC_npar;

+

+        /* XXX For backporting, use long jumps if there is any possibility of

+         * overflow */

+        if (RExC_size > U16_MAX && ! RExC_use_BRANCHJ) {

+            RExC_use_BRANCHJ = TRUE;

+            flags |= RESTART_PARSE;

+        }

     }

     else if (! MUST_RESTART(flags)) {

 	ReREFCNT_dec(Rx);

-- 

2.25.4