Fix a non-diagnosis of missing assection after (?(?C) that could corrupt process stack

2016-02-29 13:59:32 +01:00 · 2016-02-29 13:59:32 +01:00 · 973bc3361d
commit 973bc3361d
parent eabd8d5446
2 changed files with 110 additions and 1 deletions
--- a/pcre-8.38-Fix-non-diagnosis-of-missing-assertion-after-C.patch
+++ b/pcre-8.38-Fix-non-diagnosis-of-missing-assertion-after-C.patch
@ -0,0 +1,101 @@
+From b3db1b7de5cfaa026ec2bc4a393129461a0f5c57 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Sat, 27 Feb 2016 18:44:41 +0000
+Subject: [PATCH] Fix non-diagnosis of missing assertion after (?(?C).
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1638 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Petr Písař: Ported to 8.38.
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 4ffea0c..254c629 100644
+--- a/pcre_compile.c
+++ b/pcre_compile.c
+@@ -485,7 +485,7 @@ static const char error_texts[] =
+   "lookbehind assertion is not fixed length\0"
+   "malformed number or name after (?(\0"
+   "conditional group contains more than two branches\0"
+-  "assertion expected after (?(\0"
+  "assertion expected after (?( or (?(?C)\0"
+   "(?R or (?[+-]digits must be followed by )\0"
+   /* 30 */
+   "unknown POSIX class name\0"
+@@ -6771,6 +6771,15 @@ for (;; ptr++)
+           for (i = 3;; i++) if (!IS_DIGIT(ptr[i])) break;
+           if (ptr[i] == CHAR_RIGHT_PARENTHESIS)
+             tempptr += i + 1;
+
+          /* tempptr should now be pointing to the opening parenthesis of the
+          assertion condition. */
+
+          if (*tempptr != CHAR_LEFT_PARENTHESIS)
+            {
+            *errorcodeptr = ERR28;
+            goto FAILED;
+            }
+           }
+ 
+         /* For conditions that are assertions, check the syntax, and then exit
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index c805f5f..75e402e 100644
+--- a/testdata/testinput2
+++ b/testdata/testinput2
+@@ -4241,4 +4241,6 @@ backtracking verbs. --/
+      
+ /((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
+ 
+/\N(?(?C)0?!.)*/
+
+ /-- End of testinput2 --/
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 800a72f..5e88d1a 100644
+--- a/testdata/testoutput2
+++ b/testdata/testoutput2
+@@ -555,13 +555,13 @@ Failed: malformed number or name after (?( at offset 4
+ Failed: malformed number or name after (?( at offset 4
+ 
+ /(?(?i))/
+-Failed: assertion expected after (?( at offset 3
+Failed: assertion expected after (?( or (?(?C) at offset 3
+ 
+ /(?(abc))/
+ Failed: reference to non-existent subpattern at offset 7
+ 
+ /(?(?<ab))/
+-Failed: assertion expected after (?( at offset 3
+Failed: assertion expected after (?( or (?(?C) at offset 3
+ 
+ /((?s)blah)\s+\1/I
+ Capturing subpattern count = 1
+@@ -7870,7 +7870,7 @@ No match
+ Failed: malformed number or name after (?( at offset 6
+ 
+ /(?(''))/
+-Failed: assertion expected after (?( at offset 4
+Failed: assertion expected after (?( or (?(?C) at offset 4
+ 
+ /(?('R')stuff)/
+ Failed: reference to non-existent subpattern at offset 7
+@@ -14346,7 +14346,7 @@ No match
+ "((?2)+)((?1))"
+ 
+ "(?(?<E>.*!.*)?)"
+-Failed: assertion expected after (?( at offset 3
+Failed: assertion expected after (?( or (?(?C) at offset 3
+ 
+ "X((?2)()*+){2}+"BZ
+ ------------------------------------------------------------------
+@@ -14667,4 +14667,7 @@ No match
+      
+ /((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
+ 
+/\N(?(?C)0?!.)*/
+Failed: assertion expected after (?( or (?(?C) at offset 4
+
+ /-- End of testinput2 --/
+-- 
+2.5.0
+
--- a/pcre.spec
+++ b/pcre.spec
@ -2,7 +2,7 @@
 #%%global rcversion RC1
 Name:       pcre
 Version:    8.38
-Release:    %{?rcversion:0.}8%{?rcversion:.%rcversion}%{?dist}
+Release:    %{?rcversion:0.}9%{?rcversion:.%rcversion}%{?dist}
 %global myversion %{version}%{?rcversion:-%rcversion}
 Summary:    Perl-compatible regular expression library
 Group:      System Environment/Libraries
@ -81,6 +81,9 @@ Patch14:    pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
 # globally with an ovector less than 2, bug #1312786, upstream bug #1777,
 # fixed in upstream after 8.38
 Patch15:    pcre-8.38-Fix-pcretest-loop-for-global-matching-with-an-ovecto.patch
+# Fix a non-diagnosis of missing assection after (?(?C) that could corrupt
+# process stack, upstream bug #1780, fixed in upstream after 8.38
+Patch16:    pcre-8.38-Fix-non-diagnosis-of-missing-assertion-after-C.patch
 BuildRequires:  readline-devel
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -145,6 +148,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@ -216,6 +220,10 @@ make %{?_smp_mflags} check VERBOSE=yes
 %{_mandir}/man1/pcretest.*

 %changelog
+* Mon Feb 29 2016 Petr Pisar <ppisar@redhat.com> - 8.38-9
+- Fix a non-diagnosis of missing assection after (?(?C) that could corrupt
+  process stack (upstream bug #1780)
+
 * Mon Feb 29 2016 Petr Pisar <ppisar@redhat.com> - 8.38-8
 - Fix CVE-2016-1283 (a heap buffer overflow in handling of nested duplicate
  named groups with a nested back reference) (bug #1295386)