[Pcre-svn] [1723] code/trunk: Fix out-of-bounds read for par…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Author: Subversion repository
Date:  
To: pcre-svn
Subject: [Pcre-svn] [1723] code/trunk: Fix out-of-bounds read for partial matching of /./ against an empty string
Revision: 1723
          http://vcs.pcre.org/viewvc?view=rev&revision=1723
Author:   ph10
Date:     2018-01-29 14:45:51 +0000 (Mon, 29 Jan 2018)
Log Message:
-----------
Fix out-of-bounds read for partial matching of /./ against an empty string
when the newline type is CRLF.


Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/pcre_exec.c


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2018-01-10 09:06:30 UTC (rev 1722)
+++ code/trunk/ChangeLog    2018-01-29 14:45:51 UTC (rev 1723)
@@ -26,9 +26,9 @@
 This is fixed and pcre_jit_exec returns with PCRE_ERROR_JIT_BADOPTION
 when the pattern is not optimized by JIT at all.


-6. The line number and related variables such as match counts in pcregrep
-were all int variables, causing overflow when files with more than 2147483647
-lines were processed (assuming 32-bit ints). They have all been changed to
+6. The line number and related variables such as match counts in pcregrep
+were all int variables, causing overflow when files with more than 2147483647
+lines were processed (assuming 32-bit ints). They have all been changed to
unsigned long ints.

7. If a backreference with a minimum repeat count of zero was first in a
@@ -36,7 +36,10 @@
recorded. For example, for the pattern /(?=(a))\1?b/, "b" was incorrectly set
as the first character of a match.

+8. Fix out-of-bounds read for partial matching of /./ against an empty string
+when the newline type is CRLF.

+
Version 8.41 05-July-2017
------------------------- 


Modified: code/trunk/pcre_exec.c
===================================================================
--- code/trunk/pcre_exec.c    2018-01-10 09:06:30 UTC (rev 1722)
+++ code/trunk/pcre_exec.c    2018-01-29 14:45:51 UTC (rev 1723)
@@ -6,7 +6,7 @@
 and semantics are as close as possible to those of the Perl 5 language.


                        Written by Philip Hazel
-           Copyright (c) 1997-2014 University of Cambridge
+           Copyright (c) 1997-2018 University of Cambridge


 -----------------------------------------------------------------------------
 Redistribution and use in source and binary forms, with or without
@@ -2305,7 +2305,7 @@
     case OP_ANY:
     if (IS_NEWLINE(eptr)) RRETURN(MATCH_NOMATCH);
     if (md->partial != 0 &&
-        eptr + 1 >= md->end_subject &&
+        eptr == md->end_subject - 1 &&
         NLBLOCK->nltype == NLTYPE_FIXED &&
         NLBLOCK->nllen == 2 &&
         UCHAR21TEST(eptr) == NLBLOCK->nl[0])

This message was posted to the following mailing lists:
Pcre-svn
Mailing List Info | Nearby Messages		<-[Pcre-svn] [911] code/trunk: Increment dummy ovector size in internal structures to avoid spurious array[Pcre-svn] [912] code/trunk: Fix auto-possessification bug at the end of a capturing group that is called->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)