[Pcre-svn] [427] code/trunk: Check for too many replacements…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Author: Subversion repository
Date:  
To: pcre-svn
Subject: [Pcre-svn] [427] code/trunk: Check for too many replacements (more than INT_MAX) in pcre2_substitute()
Revision: 427
          http://www.exim.org/viewvc/pcre2?view=rev&revision=427
Author:   ph10
Date:     2015-11-11 18:35:14 +0000 (Wed, 11 Nov 2015)
Log Message:
-----------
Check for too many replacements (more than INT_MAX) in pcre2_substitute()


Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/src/pcre2.h
    code/trunk/src/pcre2.h.in
    code/trunk/src/pcre2_error.c
    code/trunk/src/pcre2_substitute.c


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2015-11-11 17:52:11 UTC (rev 426)
+++ code/trunk/ChangeLog    2015-11-11 18:35:14 UTC (rev 427)
@@ -288,7 +288,9 @@


84. Test for error code <= 0 in regerror().

+85. Check for too many replacements (more than INT_MAX) in pcre2_substitute().

+
Version 10.20 30-June-2015
-------------------------- 


Modified: code/trunk/src/pcre2.h
===================================================================
--- code/trunk/src/pcre2.h    2015-11-11 17:52:11 UTC (rev 426)
+++ code/trunk/src/pcre2.h    2015-11-11 18:35:14 UTC (rev 427)
@@ -241,6 +241,7 @@
 #define PCRE2_ERROR_REPMISSINGBRACE   (-58)
 #define PCRE2_ERROR_BADSUBSTITUTION   (-59)
 #define PCRE2_ERROR_BADSUBSPATTERN    (-60)
+#define PCRE2_ERROR_TOOMANYREPLACE    (-61)


/* Request types for pcre2_pattern_info() */ 


Modified: code/trunk/src/pcre2.h.in
===================================================================
--- code/trunk/src/pcre2.h.in    2015-11-11 17:52:11 UTC (rev 426)
+++ code/trunk/src/pcre2.h.in    2015-11-11 18:35:14 UTC (rev 427)
@@ -241,6 +241,7 @@
 #define PCRE2_ERROR_REPMISSINGBRACE   (-58)
 #define PCRE2_ERROR_BADSUBSTITUTION   (-59)
 #define PCRE2_ERROR_BADSUBSPATTERN    (-60)
+#define PCRE2_ERROR_TOOMANYREPLACE    (-61)


/* Request types for pcre2_pattern_info() */ 


Modified: code/trunk/src/pcre2_error.c
===================================================================
--- code/trunk/src/pcre2_error.c    2015-11-11 17:52:11 UTC (rev 426)
+++ code/trunk/src/pcre2_error.c    2015-11-11 18:35:14 UTC (rev 427)
@@ -251,6 +251,7 @@
   "bad substitution in replacement string\0"
   /* 60 */
   "match with end before start is not supported\0"
+  "too many replacements (more than INT_MAX)\0" 
   ;




Modified: code/trunk/src/pcre2_substitute.c
===================================================================
--- code/trunk/src/pcre2_substitute.c    2015-11-11 17:52:11 UTC (rev 426)
+++ code/trunk/src/pcre2_substitute.c    2015-11-11 18:35:14 UTC (rev 427)
@@ -329,6 +329,17 @@
     goto EXIT;
     }


+  /* Paranoid check for integer overflow; surely no real call to this function
+  would ever hit this! */
+
+  if (subs == INT_MAX)
+    {
+    rc = PCRE2_ERROR_TOOMANYREPLACE;
+    goto EXIT;
+    }
+
+  /* Count substitutions and proceed */
+
   subs++;
   if (rc == 0) rc = ovector_count;
   fraglength = ovector[0] - start_offset;

This message was posted to the following mailing lists:
Pcre-svn
Mailing List Info | Nearby Messages		<-[Pcre-svn] [426] code/trunk: Check errorcode > 0 in regerror().[Pcre-svn] [428] code/trunk: Tidy another out-of-bounds pointer issue.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)