|
 |
684a2c |
From 943a5105b9fe2842851003f692c7077a6cdbeefe Mon Sep 17 00:00:00 2001
|
|
|
684a2c |
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
|
|
684a2c |
Date: Wed, 10 Feb 2016 19:13:17 +0000
|
|
|
684a2c |
Subject: [PATCH] Fix workspace overflow for (*ACCEPT) with deeply nested
|
|
|
684a2c |
parentheses.
|
|
|
684a2c |
MIME-Version: 1.0
|
|
|
684a2c |
Content-Type: text/plain; charset=UTF-8
|
|
|
684a2c |
Content-Transfer-Encoding: 8bit
|
|
|
684a2c |
|
|
|
684a2c |
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1631 2f5784b3-3f2a-0410-8824-cb99058d5e15
|
|
|
684a2c |
|
|
|
684a2c |
Petr Písař: Ported to 8.38.
|
|
|
684a2c |
|
|
|
684a2c |
diff --git a/pcre_compile.c b/pcre_compile.c
|
|
|
684a2c |
index b9a239e..5019854 100644
|
|
|
684a2c |
--- a/pcre_compile.c
|
|
|
684a2c |
+++ b/pcre_compile.c
|
|
|
684a2c |
@@ -6,7 +6,7 @@
|
|
|
684a2c |
and semantics are as close as possible to those of the Perl 5 language.
|
|
|
684a2c |
|
|
|
684a2c |
Written by Philip Hazel
|
|
|
684a2c |
- Copyright (c) 1997-2014 University of Cambridge
|
|
|
684a2c |
+ Copyright (c) 1997-2016 University of Cambridge
|
|
|
684a2c |
|
|
|
684a2c |
-----------------------------------------------------------------------------
|
|
|
684a2c |
Redistribution and use in source and binary forms, with or without
|
|
|
684a2c |
@@ -560,6 +560,7 @@ static const char error_texts[] =
|
|
|
684a2c |
/* 85 */
|
|
|
684a2c |
"parentheses are too deeply nested (stack check)\0"
|
|
|
684a2c |
"digits missing in \\x{} or \\o{}\0"
|
|
|
684a2c |
+ "regular expression is too complicated\0"
|
|
|
684a2c |
;
|
|
|
684a2c |
|
|
|
684a2c |
/* Table to identify digits and hex digits. This is used when compiling
|
|
|
684a2c |
@@ -4591,7 +4592,8 @@ for (;; ptr++)
|
|
|
684a2c |
if (code > cd->start_workspace + cd->workspace_size -
|
|
|
684a2c |
WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
|
|
|
684a2c |
{
|
|
|
684a2c |
- *errorcodeptr = ERR52;
|
|
|
684a2c |
+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
|
|
|
684a2c |
+ ERR52 : ERR87;
|
|
|
684a2c |
goto FAILED;
|
|
|
684a2c |
}
|
|
|
684a2c |
|
|
|
684a2c |
@@ -6626,8 +6628,21 @@ for (;; ptr++)
|
|
|
684a2c |
cd->had_accept = TRUE;
|
|
|
684a2c |
for (oc = cd->open_caps; oc != NULL; oc = oc->next)
|
|
|
684a2c |
{
|
|
|
684a2c |
- *code++ = OP_CLOSE;
|
|
|
684a2c |
- PUT2INC(code, 0, oc->number);
|
|
|
684a2c |
+ if (lengthptr != NULL)
|
|
|
684a2c |
+ {
|
|
|
684a2c |
+#ifdef COMPILE_PCRE8
|
|
|
684a2c |
+ *lengthptr += 1 + IMM2_SIZE;
|
|
|
684a2c |
+#elif defined COMPILE_PCRE16
|
|
|
684a2c |
+ *lengthptr += 2 + IMM2_SIZE;
|
|
|
684a2c |
+#elif defined COMPILE_PCRE32
|
|
|
684a2c |
+ *lengthptr += 4 + IMM2_SIZE;
|
|
|
684a2c |
+#endif
|
|
|
684a2c |
+ }
|
|
|
684a2c |
+ else
|
|
|
684a2c |
+ {
|
|
|
684a2c |
+ *code++ = OP_CLOSE;
|
|
|
684a2c |
+ PUT2INC(code, 0, oc->number);
|
|
|
684a2c |
+ }
|
|
|
684a2c |
}
|
|
|
684a2c |
setverb = *code++ =
|
|
|
684a2c |
(cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
|
|
|
684a2c |
diff --git a/pcre_internal.h b/pcre_internal.h
|
|
|
684a2c |
index f7a5ee7..dbfe80e 100644
|
|
|
684a2c |
--- a/pcre_internal.h
|
|
|
684a2c |
+++ b/pcre_internal.h
|
|
|
684a2c |
@@ -7,7 +7,7 @@
|
|
|
684a2c |
and semantics are as close as possible to those of the Perl 5 language.
|
|
|
684a2c |
|
|
|
684a2c |
Written by Philip Hazel
|
|
|
684a2c |
- Copyright (c) 1997-2014 University of Cambridge
|
|
|
684a2c |
+ Copyright (c) 1997-2016 University of Cambridge
|
|
|
684a2c |
|
|
|
684a2c |
-----------------------------------------------------------------------------
|
|
|
684a2c |
Redistribution and use in source and binary forms, with or without
|
|
|
684a2c |
@@ -2289,7 +2289,7 @@ enum { ERR0, ERR1, ERR2, ERR3, ERR4, ERR5, ERR6, ERR7, ERR8, ERR9,
|
|
|
684a2c |
ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
|
|
|
684a2c |
ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
|
|
|
684a2c |
ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
|
|
|
684a2c |
- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
|
|
|
684a2c |
+ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
|
|
|
684a2c |
|
|
|
684a2c |
/* JIT compiling modes. The function list is indexed by them. */
|
|
|
684a2c |
|
|
|
684a2c |
diff --git a/pcreposix.c b/pcreposix.c
|
|
|
684a2c |
index dcc13ef..55b6ddc 100644
|
|
|
684a2c |
--- a/pcreposix.c
|
|
|
684a2c |
+++ b/pcreposix.c
|
|
|
684a2c |
@@ -6,7 +6,7 @@
|
|
|
684a2c |
and semantics are as close as possible to those of the Perl 5 language.
|
|
|
684a2c |
|
|
|
684a2c |
Written by Philip Hazel
|
|
|
684a2c |
- Copyright (c) 1997-2014 University of Cambridge
|
|
|
684a2c |
+ Copyright (c) 1997-2016 University of Cambridge
|
|
|
684a2c |
|
|
|
684a2c |
-----------------------------------------------------------------------------
|
|
|
684a2c |
Redistribution and use in source and binary forms, with or without
|
|
|
684a2c |
@@ -173,7 +173,8 @@ static const int eint[] = {
|
|
|
684a2c |
REG_BADPAT, /* group name must start with a non-digit */
|
|
|
684a2c |
/* 85 */
|
|
|
684a2c |
REG_BADPAT, /* parentheses too deeply nested (stack check) */
|
|
|
684a2c |
- REG_BADPAT /* missing digits in \x{} or \o{} */
|
|
|
684a2c |
+ REG_BADPAT, /* missing digits in \x{} or \o{} */
|
|
|
684a2c |
+ REG_BADPAT /* pattern too complicated */
|
|
|
684a2c |
};
|
|
|
684a2c |
|
|
|
684a2c |
/* Table of texts corresponding to POSIX error codes */
|
|
|
684a2c |
diff --git a/testdata/testinput11 b/testdata/testinput11
|
|
|
684a2c |
index ac9d228..6f0989a 100644
|
|
|
684a2c |
--- a/testdata/testinput11
|
|
|
684a2c |
+++ b/testdata/testinput11
|
|
|
684a2c |
@@ -138,4 +138,6 @@ is required for these tests. --/
|
|
|
684a2c |
|
|
|
684a2c |
/.((?2)(?R)\1)()/B
|
|
|
684a2c |
|
|
|
684a2c |
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
|
684a2c |
+
|
|
|
684a2c |
/-- End of testinput11 --/
|
|
|
684a2c |
diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
|
|
|
684a2c |
index 280692e..3c485da 100644
|
|
|
684a2c |
--- a/testdata/testoutput11-16
|
|
|
684a2c |
+++ b/testdata/testoutput11-16
|
|
|
684a2c |
@@ -765,4 +765,7 @@ Memory allocation (code space): 14
|
|
|
684a2c |
25 End
|
|
|
684a2c |
------------------------------------------------------------------
|
|
|
684a2c |
|
|
|
684a2c |
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
|
684a2c |
+Failed: regular expression is too complicated at offset 490
|
|
|
684a2c |
+
|
|
|
684a2c |
/-- End of testinput11 --/
|
|
|
684a2c |
diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
|
|
|
684a2c |
index cdbda74..e19518d 100644
|
|
|
684a2c |
--- a/testdata/testoutput11-32
|
|
|
684a2c |
+++ b/testdata/testoutput11-32
|
|
|
684a2c |
@@ -765,4 +765,7 @@ Memory allocation (code space): 28
|
|
|
684a2c |
25 End
|
|
|
684a2c |
------------------------------------------------------------------
|
|
|
684a2c |
|
|
|
684a2c |
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
|
684a2c |
+Failed: missing ) at offset 509
|
|
|
684a2c |
+
|
|
|
684a2c |
/-- End of testinput11 --/
|
|
|
684a2c |
diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
|
|
|
684a2c |
index cb37896..5a4fbb2 100644
|
|
|
684a2c |
--- a/testdata/testoutput11-8
|
|
|
684a2c |
+++ b/testdata/testoutput11-8
|
|
|
684a2c |
@@ -765,4 +765,7 @@ Memory allocation (code space): 10
|
|
|
684a2c |
38 End
|
|
|
684a2c |
------------------------------------------------------------------
|
|
|
684a2c |
|
|
|
684a2c |
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
|
684a2c |
+Failed: missing ) at offset 509
|
|
|
684a2c |
+
|
|
|
684a2c |
/-- End of testinput11 --/
|
|
|
684a2c |
--
|
|
|
684a2c |
2.5.0
|
|
|
684a2c |
|