From f2411acb3711a44497539d17b245bd366d9c26d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= <carenas@gmail.com>
Date: Mon, 12 Dec 2022 08:32:42 -0800
Subject: [PATCH] jit: fail early in ffcps_* if subject shorter than offs1
(#175)
FF_FUN would try loading a vector from an invalid address
triggering a crash.
Add the same check that is done in the x86/s390x implementations
and that was missing from the original code.
Fixes: #86
---
src/pcre2_jit_neon_inc.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/pcre2_jit_neon_inc.h b/src/pcre2_jit_neon_inc.h
index e74adf12..165602ed 100644
--- a/src/pcre2_jit_neon_inc.h
+++ b/src/pcre2_jit_neon_inc.h
@@ -183,6 +183,8 @@ restart:;
#endif
|
#if defined(FFCPS)
+if (str_ptr >= str_end)
+ return NULL;
sljit_u8 *p1 = str_ptr - diff;
#endif
sljit_s32 align_offset = ((uint64_t)str_ptr & 0xf);
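Review bot: The new early return carries no comment explaining why `str_ptr` can already be at or past `str_end` when the FFCPS block is entered, so the next reader has to dig up this commit to learn that `p1` and the `align_offset` below are derived from a pointer that, per the commit message, would otherwise feed a vector load from an invalid address. A one-line comment above the `if` would keep that in the code, e.g. `/* str_ptr may already be at or past str_end here (presumably advanced by offs1 by the caller); stop before p1 and the aligned load address are derived from it. */`. The diffstat shows the fix touches only `src/pcre2_jit_neon_inc.h` with no accompanying test, so a testdata case using a subject shorter than the first character offset would pin the behaviour on NEON builds, where the commit message says the check was missing relative to the other SIMD implementations. The enclosing function starts and ends outside the hunk.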
--
2.45.1