Revision: 1691
http://vcs.pcre.org/viewvc?view=rev&revision=1691
Author: ph10
Date: 2017-03-27 17:00:16 +0100 (Mon, 27 Mar 2017)
Log Message:
-----------
Fix typo (leading to possible buffer overflow in pcre_copy_substring()) in
pcretest.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/pcretest.c
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2017-03-27 13:40:53 UTC (rev 1690)
+++ code/trunk/ChangeLog 2017-03-27 16:00:16 UTC (rev 1691)
@@ -37,7 +37,10 @@
8. The alternative matching function, pcre_dfa_exec() misbehaved if it
encountered a character class with a possessive repeat, for example [a-f]{3}+.
+9. When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
+length incorrectly, which could result in buffer overflow.
+
Version 8.40 11-January-2017
----------------------------
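Review bot: Entry 9 names only pcre_copy_substring(), but the pcretest.c part of this revision makes the same size/2 to size/4 correction in PCRE_COPY_NAMED_SUBSTRING32, which calls pcre32_copy_named_substring(). Suggest wording the entry to cover both calls, for example "called pcre_copy_substring() or pcre_copy_named_substring() in 32-bit mode", so that anyone checking the ChangeLog for exposure sees the named-substring path as well.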
Modified: code/trunk/pcretest.c
===================================================================
--- code/trunk/pcretest.c 2017-03-27 13:40:53 UTC (rev 1690)
+++ code/trunk/pcretest.c 2017-03-27 16:00:16 UTC (rev 1691)
@@ -426,11 +426,11 @@
#define PCRE_COPY_NAMED_SUBSTRING32(rc, re, bptr, offsets, count, \
namesptr, cbuffer, size) \
rc = pcre32_copy_named_substring((pcre32 *)re, (PCRE_SPTR32)bptr, offsets, \
- count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/2)
+ count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/4)
#define PCRE_COPY_SUBSTRING32(rc, bptr, offsets, count, i, cbuffer, size) \
rc = pcre32_copy_substring((PCRE_SPTR32)bptr, offsets, count, i, \
- (PCRE_UCHAR32 *)cbuffer, size/2)
+ (PCRE_UCHAR32 *)cbuffer, size/4)
#define PCRE_DFA_EXEC32(count, re, extra, bptr, len, start_offset, options, \
offsets, size_offsets, workspace, size_workspace) \
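Review bot: In both PCRE_COPY_NAMED_SUBSTRING32 and PCRE_COPY_SUBSTRING32 the corrected length is still a bare literal, "size/4", which has to be kept in step by hand with the (PCRE_UCHAR32 *) cast on the argument just before it, and the macro parameter is used without parentheses. Assuming size is the buffer length in bytes, as the division implies, writing it as "(size)/sizeof(PCRE_UCHAR32)" would derive the element count from the type the buffer is cast to and would also stay correct if a caller passes an expression such as "a + b" for size. It would also be worth a short comment on each macro stating that the callee expects a length in 32-bit code units rather than bytes, since that unit mismatch is what allowed the copy to run past the end of cbuffer.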