Revision: 646
http://www.exim.org/viewvc/pcre2?view=rev&revision=646
Author: ph10
Date: 2017-01-03 11:35:26 +0000 (Tue, 03 Jan 2017)
Log Message:
-----------
Detect overlong patterns earlier.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/src/pcre2_compile.c
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2017-01-02 16:15:11 UTC (rev 645)
+++ code/trunk/ChangeLog 2017-01-03 11:35:26 UTC (rev 646)
@@ -306,7 +306,10 @@
semicolon are ignored, and the colour controls are no longer output for empty
strings.
+47. Detecting patterns that are too large inside the length-measuring loop
+saves processing ridiculously long patterns to their end.
+
Version 10.22 29-July-2016
--------------------------
Modified: code/trunk/src/pcre2_compile.c
===================================================================
--- code/trunk/src/pcre2_compile.c 2017-01-02 16:15:11 UTC (rev 645)
+++ code/trunk/src/pcre2_compile.c 2017-01-03 11:35:26 UTC (rev 646)
@@ -4659,7 +4659,7 @@
meta = META_CODE(*pptr);
meta_arg = META_DATA(*pptr);
-
+
/* If we are in the pre-compile phase, accumulate the length used for the
previous cycle of this loop, unless the next item is a quantifier. */
@@ -4693,6 +4693,11 @@
return 0;
}
*lengthptr += (PCRE2_SIZE)(code - orig_code);
+ if (*lengthptr > MAX_PATTERN_SIZE)
+ {
+ *errorcodeptr = ERR20; /* Pattern is too large */
+ return 0;
+ }
code = orig_code;
}
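Review bot: The new `if (*lengthptr > MAX_PATTERN_SIZE)` check is correct as placed, but nothing at the site says why the limit is tested on every cycle of the length-measuring loop rather than once at the end, and a future reader may well "simplify" it away; a comment such as `/* Fail as soon as the limit is passed so an oversized (possibly hostile) pattern is not scanned to its end; pcre2_compile() re-checks the final length. */` would preserve the intent the commit message states. Because the test runs after each item's contribution is added and uses `>`, the accumulator can exceed the limit by at most one item's length before rejection, so the pre-compile length can never run far past MAX_PATTERN_SIZE. The comment added at the ~9079 hunk says the case "should be caught in compile_regex()", whereas this loop appears to be in compile_branch() (its header is outside the hunk); naming the function that actually holds the early check would keep that cross-reference accurate. The enclosing function starts and ends outside this hunk.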
@@ -7334,7 +7339,6 @@
}
*lengthptr += length;
}
-// if (lengthptr == NULL) fprintf(stderr, "~~group returns %d\n", okreturn);
return okreturn;
}
@@ -9075,6 +9079,8 @@
if (errorcode != 0) goto HAD_CB_ERROR; /* Offset is in cb.erroroffset */
+/* This should be caught in compile_regex(), but just in case... */
+
if (length > MAX_PATTERN_SIZE)
{
errorcode = ERR20;