Revision: 402
http://www.exim.org/viewvc/pcre2?view=rev&revision=402
Author: ph10
Date: 2015-10-30 18:25:19 +0000 (Fri, 30 Oct 2015)
Log Message:
-----------
Avoid the need for an integer overflow check in pcre2_substitute() by adding a
check for a number greater than the largest capturing group.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_substitute.c
code/trunk/testdata/testinput2
code/trunk/testdata/testoutput2
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2015-10-30 17:41:56 UTC (rev 401)
+++ code/trunk/ChangeLog 2015-10-30 18:25:19 UTC (rev 402)
@@ -236,7 +236,11 @@
68. In pcre2_substitute() in UTF mode, PCRE2_NO_UTF_CHECK can be set for the
second and subsequent calls to pcre2_match().
+69. There was no check for integer overflow for a replacement group number in
+pcre2_substitute(). An added check for a number greater than the largest group
+number in the pattern means this is not now needed.
+
Version 10.20 30-June-2015
--------------------------
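Review bot: entry 69 says the overflow check "is not now needed" but does not say what a caller now sees. Stating that a replacement group number larger than the largest group in the pattern makes pcre2_substitute() return PCRE2_ERROR_NOSUBSTRING would let the behaviour change be found from the ChangeLog alone.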
Modified: code/trunk/src/pcre2_substitute.c
===================================================================
--- code/trunk/src/pcre2_substitute.c 2015-10-30 17:41:56 UTC (rev 401)
+++ code/trunk/src/pcre2_substitute.c 2015-10-30 18:25:19 UTC (rev 402)
@@ -409,6 +409,15 @@
next = *ptr;
if (next < CHAR_0 || next > CHAR_9) break;
group = group * 10 + next - CHAR_0;
+
+ /* A check for a number greater than the hightest captured group
+ is sufficient here; no need for a separate overflow check. */
+
+ if (group > code->top_bracket)
+ {
+ rc = PCRE2_ERROR_NOSUBSTRING;
+ goto PTREXIT;
+ }
}
}
else
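Review bot: the comment above the added check in the digit loop misspells "highest" as "hightest" and says "captured group", while the comparison is against code->top_bracket, which the ChangeLog entry describes as the largest group number in the pattern; "highest capturing group in the pattern" would match the code. The comment should also spell out why no overflow check is needed: once the check has passed, group is at most top_bracket, so the next `group * 10 + next - CHAR_0` stays in range only if top_bracket * 10 + 9 fits in the type of group. That bound on top_bracket is the assumption the whole change rests on and is not stated here.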
Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2 2015-10-30 17:41:56 UTC (rev 401)
+++ code/trunk/testdata/testinput2 2015-10-30 18:25:19 UTC (rev 402)
@@ -4587,4 +4587,7 @@
/((p(?'K/no_auto_capture
+/abc/replace=A$3123456789Z
+ abc
+
# End of testinput2
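Review bot: the single new case, /abc/replace=A$3123456789Z, uses a pattern with no capturing groups and a number that exceeds the signed 32-bit maximum but still fits in 32 unsigned bits. With no groups the new check fires on the first pass through the digit loop, so the accumulation never runs with a large value. Consider adding a case against a pattern that does have groups, with a reference just above its highest group, and a case with a much longer digit run, so that both the boundary and the wraparound the log message refers to are covered.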
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2 2015-10-30 17:41:56 UTC (rev 401)
+++ code/trunk/testdata/testoutput2 2015-10-30 18:25:19 UTC (rev 402)
@@ -14674,4 +14674,8 @@
/((p(?'K/no_auto_capture
Failed: error 142 at offset 7: syntax error in subpattern name (missing terminator)
+/abc/replace=A$3123456789Z
+ abc
+Failed: error -49 at offset 3 in replacement: unknown substring
+
# End of testinput2