[Pcre-svn] [612] code/trunk: Fix buffer overflow in partial …

Author: Subversion repository
Date:  
To: pcre-svn
Subject: [Pcre-svn] [612] code/trunk: Fix buffer overflow in partial match test for CRLF in empty buffer.
Revision: 612
          http://www.exim.org/viewvc/pcre2?view=rev&revision=612
Author:   ph10
Date:     2016-12-08 17:55:26 +0000 (Thu, 08 Dec 2016)
Log Message:
-----------
Fix buffer overflow in partial match test for CRLF in empty buffer.


Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/src/pcre2_match.c
    code/trunk/testdata/testinput2
    code/trunk/testdata/testoutput2


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2016-12-08 16:52:26 UTC (rev 611)
+++ code/trunk/ChangeLog    2016-12-08 17:55:26 UTC (rev 612)
@@ -198,7 +198,10 @@


29. Fix small memory leak in pcre2test.

+30. Fix out-of-bounds read for partial matching of /./ against an empty string
+when the newline type is CRLF.

+
Version 10.22 29-July-2016
--------------------------
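Review bot: entry 30 describes an out-of-bounds read, while the log message of this same revision says "buffer overflow". The changed condition in pcre2_match.c only guards a read through eptr, so the ChangeLog wording is the accurate one; using it in the log message too would keep anyone triaging the revision from treating it as a write past the buffer. The entry could also name the function or opcode touched (OP_ANY in pcre2_match.c) so it can be matched to the code without opening the diff.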


Modified: code/trunk/src/pcre2_match.c
===================================================================
--- code/trunk/src/pcre2_match.c    2016-12-08 16:52:26 UTC (rev 611)
+++ code/trunk/src/pcre2_match.c    2016-12-08 17:55:26 UTC (rev 612)
@@ -2379,7 +2379,7 @@
     case OP_ANY:
     if (IS_NEWLINE(eptr)) RRETURN(MATCH_NOMATCH);
     if (mb->partial != 0 &&
-        eptr + 1 >= mb->end_subject &&
+        eptr == mb->end_subject - 1 &&
         NLBLOCK->nltype == NLTYPE_FIXED &&
         NLBLOCK->nllen == 2 &&
         UCHAR21TEST(eptr) == NLBLOCK->nl[0])
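Review bot: on the changed line, `mb->end_subject - 1` is still evaluated when the subject is empty, which is the case this revision targets, so the expression names an address one element before the start of the buffer. Comparing a length instead, for example `mb->end_subject - eptr == 1`, states the same "exactly one code unit left" condition without forming that pointer. A short comment noting that eptr can equal mb->end_subject at this point would also record why `>=` was wrong: with the old test the chain could reach UCHAR21TEST(eptr) with nothing left to read.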


Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2    2016-12-08 16:52:26 UTC (rev 611)
+++ code/trunk/testdata/testinput2    2016-12-08 17:55:26 UTC (rev 612)
@@ -4922,4 +4922,7 @@


 %(*:?(:?(?svvvvvvvvvv:]*[   Z!*;[]*[^[]*!^[?+.+{{2,7}'      _\\\\\\\\\\\\\)?.:..    *w////\\\Q\\\\\\\\\\\\\\\T\\\\\+/?/////'+\\\EEE?/////'+/*+/[^K]?]//(w)%never_backslash_c,alt_verbnames,auto_callout


+/./newline=crlf
+\=ph
+
# End of testinput2
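Review bot: the added test exercises only the empty subject with `\=ph`, which is the case the new condition must reject. It does not cover the case the condition is still meant to accept, a subject that ends with a lone CR under newline=crlf, so a later change to the comparison could break that path unnoticed. Adding a second data line such as `\r\=ph` under the same pattern, and a `\=ps` variant of the empty subject, would pin down both sides of `eptr == mb->end_subject - 1`.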

Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2    2016-12-08 16:52:26 UTC (rev 611)
+++ code/trunk/testdata/testoutput2    2016-12-08 17:55:26 UTC (rev 612)
@@ -15374,6 +15374,10 @@


 %(*:?(:?(?svvvvvvvvvv:]*[   Z!*;[]*[^[]*!^[?+.+{{2,7}'      _\\\\\\\\\\\\\)?.:..    *w////\\\Q\\\\\\\\\\\\\\\T\\\\\+/?/////'+\\\EEE?/////'+/*+/[^K]?]//(w)%never_backslash_c,alt_verbnames,auto_callout


+/./newline=crlf
+\=ph
+No match
+
# End of testinput2
Error -63: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data