rpms/pcre
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix buffer over-read in UTF-16 and UTF-32 modes with JIT

Browse Source
This commit is contained in:
Petr Písař 2013-01-28 09:59:14 +01:00
parent 7511b33ca5
commit 25b56008b2
2 changed files with 111 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
pcre-8.32-Fix-two-buffer-over-read-issues-in-16-and-32-bit-mod.patch Normal file
View File

@ -0,0 +1,107 @@
From be692806851f4883b87fc814adc80ab1bb46455e Mon Sep 17 00:00:00 2001
From: zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Sat, 26 Jan 2013 17:51:43 +0000
Subject: [PATCH] Fix two buffer over read issues in 16 and 32 bit modes.
Affects JIT only.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1242 2f5784b3-3f2a-0410-8824-cb99058d5e15
Petr Pisar: Ported to 8.32.
diff --git a/pcre_jit_compile.c b/pcre_jit_compile.c
index 3b83340..7dfe558 100644
--- a/pcre_jit_compile.c
+++ b/pcre_jit_compile.c
@@ -2696,10 +2696,10 @@ if (firstline)
{
SLJIT_ASSERT(common->first_line_end != 0);
OP1(SLJIT_MOV, TMP3, 0, STR_END, 0);
- OP2(SLJIT_SUB, STR_END, 0, SLJIT_MEM1(SLJIT_LOCALS_REG), common->first_line_end, SLJIT_IMM, (location >> 1) - 1);
+ OP2(SLJIT_SUB, STR_END, 0, SLJIT_MEM1(SLJIT_LOCALS_REG), common->first_line_end, SLJIT_IMM, IN_UCHARS((location >> 1) - 1));
}
else
- OP2(SLJIT_SUB, STR_END, 0, STR_END, 0, SLJIT_IMM, (location >> 1) - 1);
+ OP2(SLJIT_SUB, STR_END, 0, STR_END, 0, SLJIT_IMM, IN_UCHARS((location >> 1) - 1));
start = LABEL();
quit = CMP(SLJIT_C_GREATER_EQUAL, STR_PTR, 0, STR_END, 0);
@@ -2728,7 +2728,7 @@ JUMPHERE(quit);
if (firstline)
OP1(SLJIT_MOV, STR_END, 0, TMP3, 0);
else
- OP2(SLJIT_ADD, STR_END, 0, STR_END, 0, SLJIT_IMM, (location >> 1) - 1);
+ OP2(SLJIT_ADD, STR_END, 0, STR_END, 0, SLJIT_IMM, IN_UCHARS((location >> 1) - 1));
return TRUE;
}
@@ -3577,7 +3577,7 @@ do
#endif
context->length -= IN_UCHARS(1);
-#if defined SLJIT_UNALIGNED && SLJIT_UNALIGNED
+#if (defined SLJIT_UNALIGNED && SLJIT_UNALIGNED) && (defined COMPILE_PCRE8 || defined COMPILE_PCRE16)
/* Unaligned read is supported. */
if (othercasebit != 0 && othercasechar == cc)
@@ -3594,27 +3594,18 @@ do
#if defined COMPILE_PCRE8
if (context->ucharptr >= 4 || context->length == 0 || (context->ucharptr == 2 && context->length == 1))
-#elif defined COMPILE_PCRE16
+#else
if (context->ucharptr >= 2 || context->length == 0)
-#elif defined COMPILE_PCRE32
- if (1 /* context->ucharptr >= 1 || context->length == 0 */)
#endif
{
-#if defined COMPILE_PCRE8 || defined COMPILE_PCRE16
if (context->length >= 4)
OP1(SLJIT_MOV_SI, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length);
-#if defined COMPILE_PCRE8
else if (context->length >= 2)
OP1(SLJIT_MOV_UH, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length);
+#if defined COMPILE_PCRE8
else if (context->length >= 1)
OP1(SLJIT_MOV_UB, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length);
-#elif defined COMPILE_PCRE16
- else if (context->length >= 2)
- OP1(SLJIT_MOV_UH, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length);
-#endif /* COMPILE_PCRE[8|16] */
-#elif defined COMPILE_PCRE32
- OP1(MOV_UCHAR, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length);
-#endif /* COMPILE_PCRE[8|16|32] */
+#endif /* COMPILE_PCRE8 */
context->sourcereg = context->sourcereg == TMP1 ? TMP2 : TMP1;
switch(context->ucharptr)
@@ -3625,7 +3616,6 @@ do
add_jump(compiler, backtracks, CMP(SLJIT_C_NOT_EQUAL, context->sourcereg, 0, SLJIT_IMM, context->c.asint | context->oc.asint));
break;
-#if defined COMPILE_PCRE8 || defined COMPILE_PCRE16
case 2 / sizeof(pcre_uchar):
if (context->oc.asushort != 0)
OP2(SLJIT_OR, context->sourcereg, 0, context->sourcereg, 0, SLJIT_IMM, context->oc.asushort);
@@ -3640,8 +3630,6 @@ do
break;
#endif
-#endif /* COMPILE_PCRE[8|16] */
-
default:
SLJIT_ASSERT_STOP();
break;
@@ -3651,8 +3639,8 @@ do
#else
- /* Unaligned read is unsupported. */
- if (context->length > 0)
+ /* Unaligned read is unsupported or in 32 bit mode. */
+ if (context->length >= 1)
OP1(MOV_UCHAR, context->sourcereg, 0, SLJIT_MEM1(STR_PTR), -context->length);
context->sourcereg = context->sourcereg == TMP1 ? TMP2 : TMP1;
--
1.8.1

4
pcre.spec
View File

@ -15,6 +15,8 @@ Patch0: pcre-8.21-multilib.patch
Patch1: pcre-8.32-refused_spelling_terminated.patch Patch1: pcre-8.32-refused_spelling_terminated.patch
# In upstream after 8.32 # In upstream after 8.32
Patch2: pcre-8.32-Fix-forward-search-in-JIT-when-link-size-is-3-or-gre.patch Patch2: pcre-8.32-Fix-forward-search-in-JIT-when-link-size-is-3-or-gre.patch
# In upstream after 8.32
Patch3: pcre-8.32-Fix-two-buffer-over-read-issues-in-16-and-32-bit-mod.patch
BuildRequires: readline-devel BuildRequires: readline-devel
# New libtool to get rid of rpath # New libtool to get rid of rpath
BuildRequires: autoconf, automake, libtool BuildRequires: autoconf, automake, libtool
@ -57,6 +59,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
%patch0 -p1 -b .multilib %patch0 -p1 -b .multilib
%patch1 -p1 -b .terminated_typos %patch1 -p1 -b .terminated_typos
%patch2 -p1 -b .forward_jit %patch2 -p1 -b .forward_jit
%patch3 -p1 -b .buffer_over_read
# Because of rpath patch # Because of rpath patch
libtoolize --copy --force && autoreconf -vif libtoolize --copy --force && autoreconf -vif
# One contributor's name is non-UTF-8 # One contributor's name is non-UTF-8
@ -122,6 +125,7 @@ make check
%changelog %changelog
* Mon Jan 28 2013 Petr Pisar <ppisar@redhat.com> - 8.32-4 * Mon Jan 28 2013 Petr Pisar <ppisar@redhat.com> - 8.32-4
- Fix forward search in JIT when link size is 3 or greater - Fix forward search in JIT when link size is 3 or greater
- Fix buffer over-read in UTF-16 and UTF-32 modes with JIT
* Fri Jan 25 2013 Peter Robinson <pbrobinson@fedoraproject.org> 8.32-3 * Fri Jan 25 2013 Peter Robinson <pbrobinson@fedoraproject.org> 8.32-3
- Adjust autoreconf to fix FTBFS on F-19 - Adjust autoreconf to fix FTBFS on F-19