[Pcre-svn] [1011] code/trunk: Fix subject buffer overread in…

Page principale
Supprimer ce message
Auteur: Subversion repository
Date:  
À: pcre-svn
Sujet: [Pcre-svn] [1011] code/trunk: Fix subject buffer overread in JIT.
Revision: 1011
          http://www.exim.org/viewvc/pcre2?view=rev&revision=1011
Author:   zherczeg
Date:     2018-09-18 11:19:14 +0100 (Tue, 18 Sep 2018)
Log Message:
-----------
Fix subject buffer overread in JIT. Found by Yunho Kim.


Modified Paths:
--------------
    code/trunk/ChangeLog
    code/trunk/src/pcre2_jit_compile.c
    code/trunk/src/pcre2_jit_test.c


Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog    2018-09-17 13:43:31 UTC (rev 1010)
+++ code/trunk/ChangeLog    2018-09-18 10:19:14 UTC (rev 1011)
@@ -9,7 +9,10 @@
 ovector that shouldn't be changed, in particular after substitute and failed or 
 partial matches.


+2. Fix subject buffer overread in JIT when UTF is disabled and \X or \R has
+a greater than 1 fixed quantifier. This issue was found by Yunho Kim.

+
Version 10.32 10-September-2018
-------------------------------


Modified: code/trunk/src/pcre2_jit_compile.c
===================================================================
--- code/trunk/src/pcre2_jit_compile.c    2018-09-17 13:43:31 UTC (rev 1010)
+++ code/trunk/src/pcre2_jit_compile.c    2018-09-18 10:19:14 UTC (rev 1011)
@@ -11268,7 +11268,7 @@
 #ifdef SUPPORT_UNICODE
       && !common->utf
 #endif
-      )
+      && type != OP_ANYNL && type != OP_EXTUNI)
     {
     OP2(SLJIT_ADD, TMP1, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(exact));
     add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_GREATER, TMP1, 0, STR_END, 0));


Modified: code/trunk/src/pcre2_jit_test.c
===================================================================
--- code/trunk/src/pcre2_jit_test.c    2018-09-17 13:43:31 UTC (rev 1010)
+++ code/trunk/src/pcre2_jit_test.c    2018-09-18 10:19:14 UTC (rev 1011)
@@ -1948,6 +1948,10 @@
     { PCRE2_UTF, CI, 0, 0, 0, 4, 8, { "#\xc7\x85#", NULL }, "\x80\x80#\xc7#\xc7\x85#" },
     { PCRE2_UTF, CI, 0, 0, 0, 7, 11, { "#\xc7\x85#", NULL }, "\x80\x80#\xc7\x80\x80\x80#\xc7\x85#" },


+    /* These two are not invalid UTF tests, but this infrastructure fits better for them. */
+    { 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\X{2}", NULL }, "\r\n\n" },
+    { 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\R{2}", NULL }, "\r\n\n" },
+
     { 0, 0, 0, 0, 0, 0, 0, { NULL, NULL }, NULL }
 };