From 77fe299a07c5f5d00f08639f980117fe359a6e13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Wed, 12 Feb 2020 10:38:12 +0100
Subject: [PATCH] Fix an integer overflow when parsing numbers after "(?C"
---
 ...f-the-number-after-C-as-it-is-read-i.patch | 55 +++++++++++++++++++
 pcre.spec | 5 ++
 2 files changed, 60 insertions(+)
 create mode 100644 pcre-8.43-Check-the-size-of-the-number-after-C-as-it-is-read-i.patch
diff --git a/pcre-8.43-Check-the-size-of-the-number-after-C-as-it-is-read-i.patch b/pcre-8.43-Check-the-size-of-the-number-after-C-as-it-is-read-i.patch
new file mode 100644
index 0000000..06b7db0
--- /dev/null
+++ b/pcre-8.43-Check-the-size-of-the-number-after-C-as-it-is-read-i.patch
@@ -0,0 +1,55 @@
+From 3a9026509f9c1745f378595e55e5024361ad152d Mon Sep 17 00:00:00 2001
+From: ph10
+Date: Mon, 10 Feb 2020 17:17:34 +0000
+Subject: [PATCH] Check the size of the number after (?C as it is read, in
+ order to avoid integer overflow.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1761 2f5784b3-3f2a-0410-8824-cb99058d5e15
+Petr Písař: Ported to 8.43.
+---
+ pcre_compile.c | 14 ++++++++------
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 079d30a..1e3d6c3 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+- Copyright (c) 1997-2018 University of Cambridge
++ Copyright (c) 1997-2020 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -7130,17 +7130,19 @@ for (;; ptr++)
+ int n = 0;
+ ptr++;
+ while(IS_DIGIT(*ptr))
++ {
+ n = n * 10 + *ptr++ - CHAR_0;
++ if (n > 255)
++ {
++ *errorcodeptr = ERR38;
++ goto FAILED;
++ }
++ }
+ if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+- if (n > 255)
+- {
+- *errorcodeptr = ERR38;
+- goto FAILED;
+- }
+ *code++ = n;
+ PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+ PUT(code, LINK_SIZE, 0); /* Default length */
+--
+2.21.1
+
diff --git a/pcre.spec b/pcre.spec
index 473ff01..6c34f6f 100644
--- a/pcre.spec
+++ b/pcre.spec
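Review bot: The bound check moved into the `while(IS_DIGIT(*ptr))` loop carries no comment saying why it must run after every digit rather than once after the loop, and that placement is the entire fix: with `n` capped at 255 before each `n * 10` step the accumulator can never exceed 2559, whereas the old post-loop check let an arbitrarily long digit run overflow `int` (undefined behaviour) before it was ever compared. A one-line comment above the check, such as `/* Check after each digit so that n cannot overflow before the 255 limit is reached */`, would keep a later cleanup from hoisting it back out. The reordering also changes error precedence: a callout number above 255 that is not followed by `)` now reports ERR38 where it previously reported ERR39, which looks intended but is worth a line in the changelog. The enclosing `for (;; ptr++)` loop and its function begin and end outside the hunk.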
@@ -46,6 +46,9 @@ Patch4: pcre-8.43-Fix-omission-of-LF-from-list-in-the-C-wrapper.patch
 # Make erroroffset initializion in a POSIX wrapper thread-safe,
 # upstream bug #2447, in upstream after 8.43
 Patch5: pcre-8.43-Minor-fix-to-avoid-sanitizer-complaint-in-POSIX-wrap.patch
+# Fix an integer overflow when parsing numbers after "(?C",
+# upstream bug #2463, in upstream after 8.43
+Patch6: pcre-8.43-Check-the-size-of-the-number-after-C-as-it-is-read-i.patch
 BuildRequires: readline-devel
 BuildRequires: autoconf
 BuildRequires: automake
@@ -133,6 +136,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@@ -235,6 +239,7 @@ make %{?_smp_mflags} check VERBOSE=yes
 * Wed Feb 12 2020 Petr Pisar - 8.43-3
 - Make erroroffset initializion in a POSIX wrapper thread-safe (upstream bug #2447)
+- Fix an integer overflow when parsing numbers after "(?C" (upstream bug #2463)
 * Wed Jan 29 2020 Fedora Release Engineering - 8.43-2.2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild