authorzherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15>2018-09-21 07:34:10 +0000
committerzherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15>2018-09-21 07:34:10 +0000
commit1aa76cb33f04fcea3127a0859450e5d18369e5e2 (patch)
tree388e6fa1211b917150e760f1cac9ed587d63a508
parent7abc4de8303e8908eeb96714dac53ae10ff465e3 (diff)
downloadpcre-1aa76cb33f04fcea3127a0859450e5d18369e5e2.tar.gz
Fix subject buffer overread in JIT.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1740 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r--ChangeLog3
-rw-r--r--pcre_jit_compile.c2
2 files changed, 4 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 8eed174..9bfbc9b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,9 @@ subpattern was treated as anchored, when it should not have been, since the
assumed empty second branch cannot be anchored. Demonstrated by test patterns
such as /(?(1)^())b/ or /(?(?=^))b/.
+7. Fix subject buffer overread in JIT when UTF is disabled and \X or \R has
+a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
+
Version 8.42 20-March-2018
--------------------------
diff --git a/pcre_jit_compile.c b/pcre_jit_compile.c
index 2bad74b..bc5f9c0 100644
--- a/pcre_jit_compile.c
+++ b/pcre_jit_compile.c
@@ -9002,7 +9002,7 @@ if (exact > 1)
#ifdef SUPPORT_UTF
&& !common->utf
#endif
- )
+ && type != OP_ANYNL && type != OP_EXTUNI)
{
OP2(SLJIT_ADD, TMP1, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(exact));
add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_GREATER, TMP1, 0, STR_END, 0));
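Review bot: The added condition `&& type != OP_ANYNL && type != OP_EXTUNI` excludes two opcodes by name but has no comment saying why, so the invariant behind this fast path is easy to break again when another type is added. The guarded block does a single up-front bound check, `STR_PTR + IN_UCHARS(exact)` against `STR_END`, which is only sufficient when every repetition consumes exactly one code unit; \R and \X can presumably consume more (a CR LF pair, for example), which would explain the overread named in the ChangeLog entry. I would put a comment above the `if`, such as `/* A single bound check for all repetitions is only valid for types that consume exactly one code unit; \R and \X may consume more. */`. The diffstat lists only ChangeLog and pcre_jit_compile.c, so no regression test accompanies the fix; a JIT test with a fixed quantifier greater than 1 on \R and \X in non-UTF mode would guard against a regression. The `if (exact > 1)` statement starts before this hunk and its block continues past the last line shown.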