author | zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2018-09-21 07:34:10 +0000 |
---|---|---|
committer | zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2018-09-21 07:34:10 +0000 |
commit | 1aa76cb33f04fcea3127a0859450e5d18369e5e2 (patch) | |
tree | 388e6fa1211b917150e760f1cac9ed587d63a508 | |
parent | 7abc4de8303e8908eeb96714dac53ae10ff465e3 (diff) | |
download | pcre-1aa76cb33f04fcea3127a0859450e5d18369e5e2.tar.gz |
Fix subject buffer overread in JIT.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1740 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | pcre_jit_compile.c | 2 |
2 files changed, 4 insertions, 1 deletions
@@ -37,6 +37,9 @@ subpattern was treated as anchored, when it should not have been, since the assumed empty second branch cannot be anchored. Demonstrated by test patterns such as /(?(1)^())b/ or /(?(?=^))b/. +7. Fix subject buffer overread in JIT when UTF is disabled and \X or \R has +a greater than 1 fixed quantifier. This issue was found by Yunho Kim. + Version 8.42 20-March-2018 -------------------------- diff --git a/pcre_jit_compile.c b/pcre_jit_compile.c index 2bad74b..bc5f9c0 100644 --- a/pcre_jit_compile.c +++ b/pcre_jit_compile.c @@ -9002,7 +9002,7 @@ if (exact > 1) #ifdef SUPPORT_UTF && !common->utf #endif - ) + && type != OP_ANYNL && type != OP_EXTUNI) { OP2(SLJIT_ADD, TMP1, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(exact)); add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_GREATER, TMP1, 0, STR_END, 0)); |
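Review bot: ChangeLog entry 7 is hard to parse at "has a greater than 1 fixed quantifier"; "has a fixed quantifier greater than 1" reads more clearly. The entry names the trigger (UTF disabled, \X or \R) but not the affected construct in the JIT compiler, so a short mention of the exact-repeat fast path would make it easier to map the entry to the pcre_jit_compile.c change.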
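Review bot: the added condition `&& type != OP_ANYNL && type != OP_EXTUNI` in the `if (exact > 1)` block of pcre_jit_compile.c has no comment explaining why these two opcodes are excluded from the single up-front bounds check. The check that follows adds IN_UCHARS(exact) to STR_PTR and compares the result against STR_END, which reserves exactly one code unit per repetition; \R can match the two-unit CRLF sequence and \X can also consume more than one code unit per repetition, so that reservation undercounts for them even with UTF disabled. A one-line comment above the condition stating this would keep a later cleanup from removing the exclusion. The diffstat also shows only ChangeLog and pcre_jit_compile.c changed, so no regression test accompanies the fix; a JIT test with a fixed-quantified \R and \X matched against a subject that ends partway through the repeat would pin the behaviour down.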