[Pcre-svn] [307] code/trunk: Fix [[:>:]] when followed by p…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Author: Subversion repository
Date:  
To: pcre-svn
Subject: [Pcre-svn] [307] code/trunk: Fix [[:>:]] when followed by parenthesis buffer overflow.
Revision: 307
          http://www.exim.org/viewvc/pcre2?view=rev&revision=307
Author:   ph10
Date:     2015-07-15 10:08:12 +0100 (Wed, 15 Jul 2015)
Log Message:
-----------
Fix [[:>:]] when followed by parenthesis buffer overflow.


Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/src/pcre2_compile.c
    code/trunk/testdata/testinput2
    code/trunk/testdata/testoutput2


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2015-07-08 08:30:23 UTC (rev 306)
+++ code/trunk/ChangeLog    2015-07-15 09:08:12 UTC (rev 307)
@@ -14,7 +14,11 @@


4. Fix typos in dftables.c for z/OS.

+5. Change 36 for 10.20 broke the handling of [[:>:]] and [[:<:]] in that
+processing them could involve a buffer overflow if the following character was
+an opening parenthesis.

+
Version 10.20 30-June-2015
-------------------------- 


Modified: code/trunk/src/pcre2_compile.c
===================================================================
--- code/trunk/src/pcre2_compile.c    2015-07-08 08:30:23 UTC (rev 306)
+++ code/trunk/src/pcre2_compile.c    2015-07-15 09:08:12 UTC (rev 307)
@@ -3238,7 +3238,7 @@
     if (PRIV(strncmp_c8)(ptr+1, STRING_WEIRD_STARTWORD, 6) == 0 ||
         PRIV(strncmp_c8)(ptr+1, STRING_WEIRD_ENDWORD, 6) == 0)
       {
-      ptr += 7;
+      ptr += 6;
       break;
       }


@@ -3303,8 +3303,9 @@
       if (c == CHAR_LEFT_SQUARE_BRACKET &&
           (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
            ptr[1] == CHAR_EQUALS_SIGN) && check_posix_syntax(ptr, &ptr))
-        ptr ++;
-
+        {
+        ptr++;
+        }
       else if (c == CHAR_BACKSLASH)
         {
         errorcode = 0;


Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2    2015-07-08 08:30:23 UTC (rev 306)
+++ code/trunk/testdata/testinput2    2015-07-15 09:08:12 UTC (rev 307)
@@ -4327,4 +4327,6 @@


/^(?:(?(1)x|)+)+$()/B

+/[[:>:]](?<)/
+
# End of testinput2 

Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2    2015-07-08 08:30:23 UTC (rev 306)
+++ code/trunk/testdata/testoutput2    2015-07-15 09:08:12 UTC (rev 307)
@@ -14470,4 +14470,7 @@
         End
 ------------------------------------------------------------------


+/[[:>:]](?<)/
+Failed: error 124 at offset 10: unrecognized character after (?<
+
# End of testinput2
This message was posted to the following mailing lists:
Pcre-svn
Mailing List Info | Nearby Messages		<-[Pcre-svn] [306] code/trunk: Fix typos in dftables.c for z/OS.[Pcre-svn] [308] code/trunk: Fix bad processing of (?x)(*MARK) within another group.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)