Revision: 612
http://www.exim.org/viewvc/pcre2?view=rev&revision=612
Author: ph10
Date: 2016-12-08 17:55:26 +0000 (Thu, 08 Dec 2016)
Log Message:
-----------
Fix buffer overflow in partial match test for CRLF in empty buffer.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_match.c
code/trunk/testdata/testinput2
code/trunk/testdata/testoutput2
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2016-12-08 16:52:26 UTC (rev 611)
+++ code/trunk/ChangeLog 2016-12-08 17:55:26 UTC (rev 612)
@@ -198,7 +198,10 @@
29. Fix small memory leak in pcre2test.
+30. Fix out-of-bounds read for partial matching of /./ against an empty string
+when the newline type is CRLF.
+
Version 10.22 29-July-2016
--------------------------
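Review bot: Entry 30 describes the defect as an out-of-bounds read, while the log message for this revision calls it a buffer overflow. The two should use the same term, and "out-of-bounds read" is the more accurate one for what the pcre2_match.c condition did, since it only inspected a code unit and never wrote one.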
Modified: code/trunk/src/pcre2_match.c
===================================================================
--- code/trunk/src/pcre2_match.c 2016-12-08 16:52:26 UTC (rev 611)
+++ code/trunk/src/pcre2_match.c 2016-12-08 17:55:26 UTC (rev 612)
@@ -2379,7 +2379,7 @@
case OP_ANY:
if (IS_NEWLINE(eptr)) RRETURN(MATCH_NOMATCH);
if (mb->partial != 0 &&
- eptr + 1 >= mb->end_subject &&
+ eptr == mb->end_subject - 1 &&
NLBLOCK->nltype == NLTYPE_FIXED &&
NLBLOCK->nllen == 2 &&
UCHAR21TEST(eptr) == NLBLOCK->nl[0])
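Review bot: In the OP_ANY case, `eptr == mb->end_subject - 1` computes a pointer one before the start of the buffer when the subject is empty and end_subject points at its first position, which is exactly the case the log message names. The comparison then fails as intended and nothing is dereferenced, but C only defines pointer arithmetic within an array and one past its end. Writing the test as `mb->end_subject - eptr == 1`, or as `eptr < mb->end_subject && eptr + 1 == mb->end_subject`, avoids that. A one-line comment saying why `>=` was wrong here (it also admitted eptr == end_subject, so UCHAR21TEST(eptr) read past the end) would keep someone from simplifying it back. Any other place that uses the old `eptr + 1 >= mb->end_subject` form before dereferencing eptr deserves the same look.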
Modified: code/trunk/testdata/testinput2
===================================================================
--- code/trunk/testdata/testinput2 2016-12-08 16:52:26 UTC (rev 611)
+++ code/trunk/testdata/testinput2 2016-12-08 17:55:26 UTC (rev 612)
@@ -4922,4 +4922,7 @@
%(*:?(:?(?svvvvvvvvvv:]*[ Z!*;[]*[^[]*!^[?+.+{{2,7}' _\\\\\\\\\\\\\)?.:.. *w////\\\Q\\\\\\\\\\\\\\\T\\\\\+/?/////'+\\\EEE?/////'+/*+/[^K]?]//(w)%never_backslash_c,alt_verbnames,auto_callout
+/./newline=crlf
+\=ph
+
# End of testinput2
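Review bot: The new test covers only the input that triggered the bad read, an empty subject with hard partial matching (`\=ph`). The changed condition is guarded by `mb->partial != 0`, so soft partial matching (`\=ps`) reaches the same code and should get its own subject line. A subject consisting of a lone `\r` with `\=ph` would also confirm that the case the condition exists for (eptr at end_subject - 1, holding the first newline character) still behaves as before, unless that is already covered elsewhere in the test data.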
Modified: code/trunk/testdata/testoutput2
===================================================================
--- code/trunk/testdata/testoutput2 2016-12-08 16:52:26 UTC (rev 611)
+++ code/trunk/testdata/testoutput2 2016-12-08 17:55:26 UTC (rev 612)
@@ -15374,6 +15374,10 @@
%(*:?(:?(?svvvvvvvvvv:]*[ Z!*;[]*[^[]*!^[?+.+{{2,7}' _\\\\\\\\\\\\\)?.:.. *w////\\\Q\\\\\\\\\\\\\\\T\\\\\+/?/////'+\\\EEE?/////'+/*+/[^K]?]//(w)%never_backslash_c,alt_verbnames,auto_callout
+/./newline=crlf
+\=ph
+No match
+
# End of testinput2
Error -63: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data
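Review bot: The expected "No match" does not by itself distinguish the fixed code from the old code. The old condition read one code unit past the end of the empty subject and compared it with NLBLOCK->nl[0], so the visible result differs only if that stray value happens to match. This test guards against a regression only when the suite is run under valgrind or a sanitizer build, and a comment beside the pattern in testinput2 should say so.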