Revision: 505
http://vcs.pcre.org/viewvc?view=rev&revision=505
Author: ph10
Date: 2010-03-09 16:50:47 +0000 (Tue, 09 Mar 2010)
Log Message:
-----------
Improve compile-time overrun checking.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/pcre_compile.c
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2010-03-08 08:57:04 UTC (rev 504)
+++ code/trunk/ChangeLog 2010-03-09 16:50:47 UTC (rev 505)
@@ -57,6 +57,11 @@
second branch in the above example - was incorrectly given the compile-
time error "recursive call could loop indefinitely" because pcre_compile()
was not correctly checking the subroutine for matching a non-empty string.
+
+14. The checks for overrunning compiling workspace could trigger after an
+ overrun had occurred. This is a "should never occur" error, but it can be
+ triggered by pathological patterns such as hundreds of nested parentheses.
+ The checks now trigger 100 bytes before the end of the workspace.
Version 8.01 19-Jan-2010
Modified: code/trunk/pcre_compile.c
===================================================================
--- code/trunk/pcre_compile.c 2010-03-08 08:57:04 UTC (rev 504)
+++ code/trunk/pcre_compile.c 2010-03-09 16:50:47 UTC (rev 505)
@@ -92,7 +92,12 @@
#define COMPILE_WORK_SIZE (4096)
+/* The overrun tests check for a slightly smaller size so that they detect the
+overrun before it actually does run off the end of the data block. */
+#define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
+
+
/* Table for handling escaped characters in the range '0'-'z'. Positive returns
are simple data values; negative values are for special things like \d and so
on. Zero means further processing is needed (for things like \x), or the escape
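Review bot: The margin of 100 in WORK_SIZE_CHECK is a bare constant, and the new comment does not say what bounds it. The early check is only safe if nothing can advance the workspace pointer by more than 100 bytes between two consecutive tests, so the comment should state that assumption and, ideally, name the largest single write that can happen between checks. If the margin can be derived from an existing size constant, that would be better than a literal. Minor style point: the hunk adds two blank lines after the define where one would do.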
@@ -2760,7 +2765,7 @@
#ifdef PCRE_DEBUG
if (code > cd->hwm) cd->hwm = code; /* High water info */
#endif
- if (code > cd->start_workspace + COMPILE_WORK_SIZE) /* Check for overrun */
+ if (code > cd->start_workspace + WORK_SIZE_CHECK) /* Check for overrun */
{
*errorcodeptr = ERR52;
goto FAILED;
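Review bot: The test on `code` still runs after the bytes have been written, so this line is now a proximity check rather than an overrun check, and the trailing comment "Check for overrun" no longer describes it. Suggest rewording the comment to say it fails when fewer than 100 bytes remain, and noting here that the work done between two executions of this test must fit in that margin. Because the comparison is `>`, a pointer exactly at start_workspace + WORK_SIZE_CHECK still passes, which is fine only if the margin argument holds from that position too.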
@@ -2809,7 +2814,7 @@
/* In the real compile phase, just check the workspace used by the forward
reference list. */
- else if (cd->hwm > cd->start_workspace + COMPILE_WORK_SIZE)
+ else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK)
{
*errorcodeptr = ERR52;
goto FAILED;
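Review bot: This branch applies the same 100-byte margin to `cd->hwm`, which the context comment says tracks the forward reference list, a different writer from the `code` pointer checked in the previous hunk. The margin needs to be justified separately for this case: confirm that the forward reference list cannot grow by more than 100 bytes between two checks in the real compile phase, and say so in the comment above the test. Both paths report ERR52, so it may also be worth a short note that the error now fires before the workspace is actually full.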