[Pcre-svn] [505] code/trunk: Improve compile-time overrun ch…

Author: Subversion repository
Date:  
To: pcre-svn
Subject: [Pcre-svn] [505] code/trunk: Improve compile-time overrun checking.
Revision: 505
          http://vcs.pcre.org/viewvc?view=rev&revision=505
Author:   ph10
Date:     2010-03-09 16:50:47 +0000 (Tue, 09 Mar 2010)


Log Message:
-----------
Improve compile-time overrun checking.

Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/pcre_compile.c


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2010-03-08 08:57:04 UTC (rev 504)
+++ code/trunk/ChangeLog    2010-03-09 16:50:47 UTC (rev 505)
@@ -57,6 +57,11 @@
     second branch in the above example - was incorrectly given the compile-
     time error "recursive call could loop indefinitely" because pcre_compile()
     was not correctly checking the subroutine for matching a non-empty string. 
+    
+14. The checks for overrunning compiling workspace could trigger after an
+    overrun had occurred. This is a "should never occur" error, but it can be 
+    triggered by pathological patterns such as hundreds of nested parentheses.
+    The checks now trigger 100 bytes before the end of the workspace. 



Version 8.01 19-Jan-2010
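
Review bot: Entry 14 does not mention the user-visible side effect of moving the check: the usable compile workspace shrinks by 100 bytes, so a pattern whose usage lands in that final stretch is now rejected where it was previously accepted. A sentence saying so after "The checks now trigger 100 bytes before the end of the workspace." would let users connect a new compile failure on a deeply nested pattern to this change.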

Modified: code/trunk/pcre_compile.c
===================================================================
--- code/trunk/pcre_compile.c    2010-03-08 08:57:04 UTC (rev 504)
+++ code/trunk/pcre_compile.c    2010-03-09 16:50:47 UTC (rev 505)
@@ -92,7 +92,12 @@


#define COMPILE_WORK_SIZE (4096)

+/* The overrun tests check for a slightly smaller size so that they detect the
+overrun before it actually does run off the end of the data block. */

+#define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
+
+
 /* Table for handling escaped characters in the range '0'-'z'. Positive returns
 are simple data values; negative values are for special things like \d and so
 on. Zero means further processing is needed (for things like \x), or the escape
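
Review bot: The margin in "#define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)" is an unexplained constant, and the comment above it says only that the size is "slightly smaller". The check is sound only if nothing written between two consecutive tests can exceed that margin, so the comment should name the largest write it is meant to cover, or the margin should be derived from a named constant for that maximum rather than the literal 100.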
@@ -2760,7 +2765,7 @@
 #ifdef PCRE_DEBUG
     if (code > cd->hwm) cd->hwm = code;                 /* High water info */
 #endif
-    if (code > cd->start_workspace + COMPILE_WORK_SIZE) /* Check for overrun */
+    if (code > cd->start_workspace + WORK_SIZE_CHECK)   /* Check for overrun */
       {
       *errorcodeptr = ERR52;
       goto FAILED;
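
Review bot: The test on "code > cd->start_workspace + WORK_SIZE_CHECK" still runs after code has already advanced, so it remains a check after the write and depends entirely on the margin being large enough. Since the PCRE_DEBUG block directly above already tracks the high-water mark, consider adding a debug-only assertion there that code never passes cd->start_workspace + COMPILE_WORK_SIZE, so a step that outruns the margin is caught in testing instead of silently corrupting memory. The trailing comment "Check for overrun" could also say that it now fires inside the safety margin.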
@@ -2809,7 +2814,7 @@
   /* In the real compile phase, just check the workspace used by the forward
   reference list. */


-  else if (cd->hwm > cd->start_workspace + COMPILE_WORK_SIZE)
+  else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK)
     {
     *errorcodeptr = ERR52;
     goto FAILED;
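
Review bot: This branch compares cd->hwm, which per the comment above it measures the workspace used by the forward reference list, against the same WORK_SIZE_CHECK margin used for emitted code in the earlier hunk. Nothing in the visible lines shows how far hwm can grow between two executions of this test, so please confirm that the shared margin covers that growth as well, or bound each append to the list at the point where hwm is advanced.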