diff --git a/pcre-8.38-Fix-by-hacking-another-length-computation-issue.patch b/pcre-8.38-Fix-by-hacking-another-length-computation-issue.patch
new file mode 100644
index 0000000..14ca191
--- /dev/null
+++ b/pcre-8.38-Fix-by-hacking-another-length-computation-issue.patch
@@ -0,0 +1,67 @@
+From 40363ebc19baeab160abaaa55dc84322a89ac35a Mon Sep 17 00:00:00 2001
+From: ph10
+Date: Sat, 5 Dec 2015 16:58:46 +0000
+Subject: [PATCH] Fix (by hacking) another length computation issue.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1619 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Petr Písař: Ported to 8.38.
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 57719b9..087bf2a 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7280,7 +7280,7 @@ for (;; ptr++)
+ issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
+ only mode, we finesse the bug by allowing more memory always. */
+
+- *lengthptr += 2 + 2*LINK_SIZE;
++ *lengthptr += 4 + 4*LINK_SIZE;
+
+ /* It is even worse than that. The current reference may be to an
+ existing named group with a different number (so apparently not
+diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
+index 9a0a12d..280692e 100644
+--- a/testdata/testoutput11-16
++++ b/testdata/testoutput11-16
+@@ -231,7 +231,7 @@ Memory allocation (code space): 73
+ ------------------------------------------------------------------
+
+ /(?Pa)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 77
++Memory allocation (code space): 93
+ ------------------------------------------------------------------
+ 0 24 Bra
+ 2 5 CBra 1
+diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
+index 57e5da0..cdbda74 100644
+--- a/testdata/testoutput11-32
++++ b/testdata/testoutput11-32
+@@ -231,7 +231,7 @@ Memory allocation (code space): 155
+ ------------------------------------------------------------------
+
+ /(?Pa)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 157
++Memory allocation (code space): 189
+ ------------------------------------------------------------------
+ 0 24 Bra
+ 2 5 CBra 1
+diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
+index 748548a..cb37896 100644
+--- a/testdata/testoutput11-8
++++ b/testdata/testoutput11-8
+@@ -231,7 +231,7 @@ Memory allocation (code space): 45
+ ------------------------------------------------------------------
+
+ /(?Pa)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 50
++Memory allocation (code space): 62
+ ------------------------------------------------------------------
+ 0 30 Bra
+ 3 7 CBra 1
+--
+2.4.3
+
diff --git a/pcre.spec b/pcre.spec
index 73e023a..76cbc77 100644
--- a/pcre.spec
+++ b/pcre.spec
@@ -59,6 +59,10 @@ Patch8: pcre-8.38-Fix-x-bug-when-pattern-starts-with-white-space-and-x.patch
 # number greater than the space in the ovector, upstream bug #1741,
 # in fixed in upstream after 8.38
 Patch9: pcre-8.38-Fix-copy-named-substring-bug.patch
+# Fix a buffer overflow when compiling an expression with named groups with
+# a group that reset capture numbers, upstream bug #1742,
+# fixed in upstream after 8.38
+Patch10: pcre-8.38-Fix-by-hacking-another-length-computation-issue.patch
 BuildRequires: readline-devel
 BuildRequires: autoconf
 BuildRequires: automake
@@ -117,6 +121,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@@ -191,6 +196,8 @@ make %{?_smp_mflags} check VERBOSE=yes
 * Mon Dec 07 2015 Petr Pisar - 8.38-5
 - Fix possible crash in pcre_copy_named_substring() if a named substring has
 number greater than the space in the ovector (upstream bug #1741)
+- Fix a buffer overflow when compiling an expression with named groups with
+ a group that reset capture numbers (upstream bug #1742)
 
 * Fri Dec 04 2015 Petr Pisar - 8.38-4
 - Fix compiling expressions with global extended modifier that is disabled by
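Review bot: The overflow fix in the embedded pcre_compile.c hunk (`@@ -7280,7 +7280,7 @@`) rests on a padding constant rather than a bound on the later write: `*lengthptr += 4 + 4*LINK_SIZE;` only enlarges the pre-compile size estimate, and the surrounding comment does not say which case needs the doubled allowance or why doubling is enough. I would extend that comment with something like `Doubled from 2 + 2*LINK_SIZE for upstream bug #1742; this is padding, not a derived upper bound.` so a later rebase does not shrink it. The testdata hunks only update the reported code-space size of an existing pattern; if upstream has a reproducer for #1742 it would be worth carrying as a regression test, since nothing visible here exercises the overflowing case. The enclosing `for (;; ptr++)` body starts and ends outside the hunk.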