Revision: 1740
http://vcs.pcre.org/viewvc?view=rev&revision=1740
Author: zherczeg
Date: 2018-09-21 08:34:10 +0100 (Fri, 21 Sep 2018)
Log Message:
-----------
Fix subject buffer overread in JIT.
Modified Paths:
--------------
code/trunk/ChangeLog
code/trunk/pcre_jit_compile.c
Modified: code/trunk/ChangeLog
===================================================================
--- code/trunk/ChangeLog 2018-09-02 17:05:38 UTC (rev 1739)
+++ code/trunk/ChangeLog 2018-09-21 07:34:10 UTC (rev 1740)
@@ -37,7 +37,10 @@
assumed empty second branch cannot be anchored. Demonstrated by test patterns
such as /(?(1)^())b/ or /(?(?=^))b/.
+7. Fix subject buffer overread in JIT when UTF is disabled and \X or \R has
+a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
+
Version 8.42 20-March-2018
--------------------------
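Review bot: the wording "has a greater than 1 fixed quantifier" in the new entry reads awkwardly; "has a fixed quantifier greater than 1" (for example \R{2} or \X{2}) says the same thing more clearly and matches the style of the surrounding entries, which quote the triggering patterns.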
Modified: code/trunk/pcre_jit_compile.c
===================================================================
--- code/trunk/pcre_jit_compile.c 2018-09-02 17:05:38 UTC (rev 1739)
+++ code/trunk/pcre_jit_compile.c 2018-09-21 07:34:10 UTC (rev 1740)
@@ -9002,7 +9002,7 @@
#ifdef SUPPORT_UTF
&& !common->utf
#endif
- )
+ && type != OP_ANYNL && type != OP_EXTUNI)
{
OP2(SLJIT_ADD, TMP1, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(exact));
add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_GREATER, TMP1, 0, STR_END, 0));
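Review bot: the new condition excludes OP_ANYNL and OP_EXTUNI from this fixed-length pre-check without saying why; a short comment above the #ifdef would help, because the check that follows (STR_PTR + IN_UCHARS(exact) compared against STR_END) only bounds the read correctly when each repetition consumes exactly one code unit, and \R can match the two-unit CRLF sequence while \X can match a multi-unit grapheme cluster even with UTF disabled, so `exact` is a lower bound rather than the number of units actually consumed. Also, Modified Paths lists only ChangeLog and pcre_jit_compile.c: an overread fix of this kind would normally be accompanied by a regression pattern such as /\R{2}/ or /\X{2}/ in the JIT test data so that the non-UTF path is exercised under the test suite's bounds checking.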