[Pcre-svn] [598] code/trunk: Fix global overflow bug for get…

Revision: 598

          http://www.exim.org/viewvc/pcre2?view=rev&revision=598
Author:   ph10
Date:     2016-11-10 17:08:27 +0000 (Thu, 10 Nov 2016)
Log Message:
-----------
Fix global overflow bug for get/copy names in pcre2test.

Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/src/pcre2test.c
    code/trunk/testdata/testinput2
    code/trunk/testdata/testoutput2

Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2016-11-04 16:40:08 UTC (rev 597)
+++ code/trunk/ChangeLog    2016-11-10 17:08:27 UTC (rev 598)
@@ -157,7 +157,10 @@

22. Add the use_length modifier to pcre2test.

+23. Fix an off-by-one bug in pcre2test for the list of names for 'get' and
+'copy' modifiers.

+
Version 10.22 29-July-2016
--------------------------

Modified: code/trunk/src/pcre2test.c
===================================================================
--- code/trunk/src/pcre2test.c    2016-11-04 16:40:08 UTC (rev 597)
+++ code/trunk/src/pcre2test.c    2016-11-10 17:08:27 UTC (rev 598)
@@ -3556,10 +3556,16 @@
       char *nn = (char *)field;
       if (len > 0)                    /* Add new name */
         {
+        if (len > MAX_NAME_SIZE)
+          {
+          fprintf(outfile, "** Group name in '%s' is too long\n", m->name);
+          return FALSE;  
+          }   
         while (*nn != 0) nn += strlen(nn) + 1;
-        if (nn + len + 1 - (char *)field > LENCPYGET)
+        if (nn + len + 2 - (char *)field > LENCPYGET)
           {
-          fprintf(outfile, "** Too many named '%s' modifiers\n", m->name);
+          fprintf(outfile, "** Too many characters in named '%s' modifiers\n", 
+            m->name);
           return FALSE;
           }
         memcpy(nn, pp, len);

Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2    2016-11-04 16:40:08 UTC (rev 597)
+++ code/trunk/testdata/testinput2    2016-11-10 17:08:27 UTC (rev 598)
@@ -4908,4 +4908,8 @@

/{\x84̈́\xCD̈́\xCD{'{22{2{{2{'{22{?{22{2{'{22{2{{2{{222{{2{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{222{2Ą̈́\xCD̈́\xCD{'{22{2{{2{'{22{?{11{2{'{22{2{{2{{'{22{2{{2{'{22{?{22{1{'{22{2{{2{{222{{2{'{22{2{22{2{'{/auto_callout

+//
+\=get=i00000000000000000000000000000000
+\=get=i2345678901234567890123456789012,get=i1245678901234567890123456789012
+
# End of testinput2

Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2    2016-11-04 16:40:08 UTC (rev 597)
+++ code/trunk/testdata/testoutput2    2016-11-10 17:08:27 UTC (rev 598)
@@ -15355,6 +15355,12 @@

/{\x84̈́\xCD̈́\xCD{'{22{2{{2{'{22{?{22{2{'{22{2{{2{{222{{2{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{'{22{2{22{2{'{22{2{{2{'{22{2{22{2{'{222{2Ą̈́\xCD̈́\xCD{'{22{2{{2{'{22{?{11{2{'{22{2{{2{{'{22{2{{2{'{22{?{22{1{'{22{2{{2{{222{{2{'{22{2{22{2{'{/auto_callout

+//
+\=get=i00000000000000000000000000000000
+** Group name in 'get' is too long
+\=get=i2345678901234567890123456789012,get=i1245678901234567890123456789012
+** Too many characters in named 'get' modifiers
+
# End of testinput2
Error -63: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data