authorph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2018-01-29 14:45:51 +0000
committerph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>2018-01-29 14:45:51 +0000
commit4ffc344ddf6246bf8d19c94c58af0853ae6768a7 (patch)
tree7fb9a380eab43c7253d1ad603ae600c1627f2272
parent51e5b82572f00a82c616286bb0b8b94b29e2b636 (diff)
Fix out-of-bounds read for partial matching of /./ against an empty string
when the newline type is CRLF. git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1723 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r--ChangeLog9
-rw-r--r--pcre_exec.c4
2 files changed, 8 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 395b88d..dca7743 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,9 +26,9 @@ in a given mode, it was also expected that at least one mode is available.
This is fixed and pcre_jit_exec returns with PCRE_ERROR_JIT_BADOPTION
when the pattern is not optimized by JIT at all.
-6. The line number and related variables such as match counts in pcregrep
-were all int variables, causing overflow when files with more than 2147483647
-lines were processed (assuming 32-bit ints). They have all been changed to
+6. The line number and related variables such as match counts in pcregrep
+were all int variables, causing overflow when files with more than 2147483647
+lines were processed (assuming 32-bit ints). They have all been changed to
unsigned long ints.
7. If a backreference with a minimum repeat count of zero was first in a
@@ -36,6 +36,9 @@ pattern, apart from assertions, an incorrect first matching character could be
recorded. For example, for the pattern /(?=(a))\1?b/, "b" was incorrectly set
as the first character of a match.
+8. Fix out-of-bounds read for partial matching of /./ against an empty string
+when the newline type is CRLF.
+
Version 8.41 05-July-2017
-------------------------
diff --git a/pcre_exec.c b/pcre_exec.c
index 1a9bdd5..1993cb3 100644
--- a/pcre_exec.c
+++ b/pcre_exec.c
@@ -6,7 +6,7 @@
and semantics are as close as possible to those of the Perl 5 language.
Written by Philip Hazel
- Copyright (c) 1997-2014 University of Cambridge
+ Copyright (c) 1997-2018 University of Cambridge
-----------------------------------------------------------------------------
Redistribution and use in source and binary forms, with or without
@@ -2305,7 +2305,7 @@ for (;;)
case OP_ANY:
if (IS_NEWLINE(eptr)) RRETURN(MATCH_NOMATCH);
if (md->partial != 0 &&
- eptr + 1 >= md->end_subject &&
+ eptr == md->end_subject - 1 &&
NLBLOCK->nltype == NLTYPE_FIXED &&
NLBLOCK->nllen == 2 &&
UCHAR21TEST(eptr) == NLBLOCK->nl[0])
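Review bot: The replacement test `eptr == md->end_subject - 1` forms a pointer one element before the subject whenever the subject is empty and sits at the start of its buffer. Strict C leaves that undefined even though the pointer is never dereferenced. Writing the line as `md->end_subject - eptr == 1 &&` keeps the same "exactly one code unit left" meaning while only using pointers inside the subject or one past its end (this assumes eptr never exceeds end_subject, which the hunk does not show). A one-line comment there, such as `/* exactly one unit left; == not >= so eptr at end_subject is never read */`, would stop a later edit from restoring the old `>=` form that let `UCHAR21TEST(eptr)` read past the end. The body of this `if` and the rest of the case lie outside the hunk, and the diffstat lists no test-data file, so a regression case for partial matching of /./ against an empty subject with CRLF newlines is worth adding alongside.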