Fix a buffer overflow when compiling an expression with named groups with a group that reset capture numbers

pcre-8.38-Fix-by-hacking-another-length-computation-issue.patch

@@ -0,0 +1,67 @@
+From 40363ebc19baeab160abaaa55dc84322a89ac35a Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Sat, 5 Dec 2015 16:58:46 +0000
+Subject: [PATCH] Fix (by hacking) another length computation issue.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1619 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Petr Písař: Ported to 8.38.
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 57719b9..087bf2a 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7280,7 +7280,7 @@ for (;; ptr++)
+           issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
+           only mode, we finesse the bug by allowing more memory always. */
+ 
+-          *lengthptr += 2 + 2*LINK_SIZE;
++          *lengthptr += 4 + 4*LINK_SIZE;
+ 
+           /* It is even worse than that. The current reference may be to an
+           existing named group with a different number (so apparently not
+diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
+index 9a0a12d..280692e 100644
+--- a/testdata/testoutput11-16
++++ b/testdata/testoutput11-16
+@@ -231,7 +231,7 @@ Memory allocation (code space): 73
+ ------------------------------------------------------------------
+ 
+ /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 77
++Memory allocation (code space): 93
+ ------------------------------------------------------------------
+   0  24 Bra
+   2   5 CBra 1
+diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
+index 57e5da0..cdbda74 100644
+--- a/testdata/testoutput11-32
++++ b/testdata/testoutput11-32
+@@ -231,7 +231,7 @@ Memory allocation (code space): 155
+ ------------------------------------------------------------------
+ 
+ /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 157
++Memory allocation (code space): 189
+ ------------------------------------------------------------------
+   0  24 Bra
+   2   5 CBra 1
+diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
+index 748548a..cb37896 100644
+--- a/testdata/testoutput11-8
++++ b/testdata/testoutput11-8
+@@ -231,7 +231,7 @@ Memory allocation (code space): 45
+ ------------------------------------------------------------------
+ 
+ /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 50
++Memory allocation (code space): 62
+ ------------------------------------------------------------------
+   0  30 Bra
+   3   7 CBra 1
+-- 
+2.4.3
+

pcre.spec

@@ -59,6 +59,10 @@ Patch8:     pcre-8.38-Fix-x-bug-when-pattern-starts-with-white-space-and-x.patch
 # number greater than the space in the ovector, upstream bug #1741,
 # in fixed in upstream after 8.38
 Patch9:     pcre-8.38-Fix-copy-named-substring-bug.patch
+# Fix a buffer overflow when compiling an expression with named groups with
+# a group that reset capture numbers, upstream bug #1742,
+# fixed in upstream after 8.38
+Patch10:    pcre-8.38-Fix-by-hacking-another-length-computation-issue.patch
 BuildRequires:  readline-devel
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -117,6 +121,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@@ -191,6 +196,8 @@ make %{?_smp_mflags} check VERBOSE=yes
 * Mon Dec 07 2015 Petr Pisar <ppisar@redhat.com> - 8.38-5
 - Fix possible crash in pcre_copy_named_substring() if a named substring has
   number greater than the space in the ovector (upstream bug #1741)
+- Fix a buffer overflow when compiling an expression with named groups with
+  a group that reset capture numbers (upstream bug #1742)
 
 * Fri Dec 04 2015 Petr Pisar <ppisar@redhat.com> - 8.38-4
 - Fix compiling expressions with global extended modifier that is disabled by