Fix a buffer overflow in pcretest tool when copying a string in UTF-32 mode

2017-04-21 09:56:27 +02:00 · 2017-04-21 09:56:27 +02:00 · 34de8513c6
commit 34de8513c6
parent 1f8181b38c
2 changed files with 44 additions and 1 deletions
--- a/pcre-8.40-Fix-typo-leading-to-possible-buffer-overflow-in-pcre.patch
+++ b/pcre-8.40-Fix-typo-leading-to-possible-buffer-overflow-in-pcre.patch
@ -0,0 +1,36 @@
+From b2f1496a36e68565421bd21485605d6af2a5819f Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Mon, 27 Mar 2017 16:00:16 +0000
+Subject: [PATCH] Fix typo (leading to possible buffer overflow in
+ pcre_copy_substring()) in pcretest.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1691 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Petr Písař: Ported to 8.40.
+---
+ pcretest.c | 4 ++--
+
+diff --git a/pcretest.c b/pcretest.c
+index 0a153be..26578e1 100644
+--- a/pcretest.c
+++ b/pcretest.c
+@@ -426,11 +426,11 @@ argument, the casting might be incorrectly applied. */
+ #define PCRE_COPY_NAMED_SUBSTRING32(rc, re, bptr, offsets, count, \
+     namesptr, cbuffer, size) \
+   rc = pcre32_copy_named_substring((pcre32 *)re, (PCRE_SPTR32)bptr, offsets, \
+-    count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/2)
+    count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/4)
+ 
+ #define PCRE_COPY_SUBSTRING32(rc, bptr, offsets, count, i, cbuffer, size) \
+   rc = pcre32_copy_substring((PCRE_SPTR32)bptr, offsets, count, i, \
+-    (PCRE_UCHAR32 *)cbuffer, size/2)
+    (PCRE_UCHAR32 *)cbuffer, size/4)
+ 
+ #define PCRE_DFA_EXEC32(count, re, extra, bptr, len, start_offset, options, \
+     offsets, size_offsets, workspace, size_workspace) \
+-- 
+2.7.4
+
--- a/pcre.spec
+++ b/pcre.spec
@ -2,7 +2,7 @@
 #%%global rcversion RC1
 Name:       pcre
 Version:    8.40
-Release:    %{?rcversion:0.}6%{?rcversion:.%rcversion}%{?dist}
+Release:    %{?rcversion:0.}7%{?rcversion:.%rcversion}%{?dist}
 %global myversion %{version}%{?rcversion:-%rcversion}
 Summary:    Perl-compatible regular expression library
 Group:      System Environment/Libraries
@ -62,6 +62,9 @@ Patch9:     pcre-8.40-Fix-Unicode-property-crash-for-32-bit-characters-gre.patch
 # Fix DFA match for a possessively repeated character class,
 # upstream bug #2086, in upstream after 8.40
 Patch10:    pcre-8.40-Fix-DFA-match-handling-of-possessive-repeated-charac.patch
+# Fix a buffer overflow in pcretest tool when copying a string in UTF-32 mode,
+# in upstream after 8.40
+Patch11:    pcre-8.40-Fix-typo-leading-to-possible-buffer-overflow-in-pcre.patch
 BuildRequires:  readline-devel
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -161,6 +164,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@ -257,6 +261,9 @@ make %{?_smp_mflags} check VERBOSE=yes
 %{_mandir}/man1/pcretest.*

 %changelog
+* Fri Apr 21 2017 Petr Pisar <ppisar@redhat.com> - 8.40-7
+- Fix a buffer overflow in pcretest tool when copying a string in UTF-32 mode
+
 * Mon Mar 27 2017 Petr Pisar <ppisar@redhat.com> - 8.40-6
 - Fix DFA match for a possessively repeated character class (upstream bug #2086)