rpms/pcre2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Enlarge ovector array match data structure to be large enough in all cases

Browse Source
This commit is contained in:
Petr Písař 2018-01-30 09:40:07 +01:00
parent fd6a3698c1
commit 045dadf330
2 changed files with 85 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
pcre2-10.31-RC1-Increment-dummy-ovector-size-in-internal-structures-.patch Normal file
View File

@ -0,0 +1,76 @@
From e98f42ec8153d9020f2fcc347e11c65b181267a2 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
Date: Tue, 16 Jan 2018 16:50:40 +0000
Subject: [PATCH] Increment dummy ovector size in internal structures to avoid
spurious array bound checker warnings. This fixes oss-fuzz 5415.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@911 6239d852-aaf2-0410-a92c-79f79f948069
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
src/pcre2_intmodedep.h | 20 +++++++++++---------
diff --git a/src/pcre2_intmodedep.h b/src/pcre2_intmodedep.h
index 3b7d18c..c4c4c3a 100644
--- a/src/pcre2_intmodedep.h
+++ b/src/pcre2_intmodedep.h
@@ -7,7 +7,7 @@ and semantics are as close as possible to those of the Perl 5 language.
Written by Philip Hazel
Original API code Copyright (c) 1997-2012 University of Cambridge
- New API code Copyright (c) 2016-2017 University of Cambridge
+ New API code Copyright (c) 2016-2018 University of Cambridge
-----------------------------------------------------------------------------
Redistribution and use in source and binary forms, with or without
@@ -640,11 +640,13 @@ typedef struct pcre2_real_code {
uint16_t name_count; /* Number of name entries in the table */
} pcre2_real_code;
-/* The real match data structure. Define ovector large so that array bound
-checkers don't grumble. Memory for this structure is obtained by calling
-pcre2_match_data_create(), which sets the size as the offset of ovector plus
-pairs of elements for each capturing group. (See also the heapframe structure
-below.) */
+/* The real match data structure. Define ovector as large as it can ever
+actually be so that array bound checkers don't grumble. Memory for this
+structure is obtained by calling pcre2_match_data_create(), which sets the size
+as the offset of ovector plus a pair of elements for each capturable string, so
+the size varies from call to call. As the maximum number of capturing
+subpatterns is 65535 we must allow for 65536 strings to include the overall
+match. (See also the heapframe structure below.) */
typedef struct pcre2_real_match_data {
pcre2_memctl memctl;
@@ -657,7 +659,7 @@ typedef struct pcre2_real_match_data {
uint16_t matchedby; /* Type of match (normal, JIT, DFA) */
uint16_t oveccount; /* Number of pairs */
int rc; /* The return code from the match */
- PCRE2_SIZE ovector[10000];/* The first field */
+ PCRE2_SIZE ovector[131072]; /* Must be last in the structure */
} pcre2_real_match_data;
@@ -804,7 +806,7 @@ typedef struct heapframe {
runtime array bound checks don't catch references to it. However, for any
specific call to pcre2_match() the memory allocated for each frame structure
allows for exactly the right size ovector for the number of capturing
- parentheses. */
+ parentheses. (See also the comment for pcre2_real_match_data above.) */
PCRE2_SPTR eptr; /* MUST BE FIRST */
PCRE2_SPTR start_match; /* Can be adjusted by \K */
@@ -813,7 +815,7 @@ typedef struct heapframe {
uint32_t capture_last; /* Most recent capture */
PCRE2_SIZE last_group_offset; /* Saved offset to most recent group frame */
PCRE2_SIZE offset_top; /* Offset after highest capture */
- PCRE2_SIZE ovector[10000]; /* Must be last in the structure */
+ PCRE2_SIZE ovector[131072]; /* Must be last in the structure */
} heapframe;
typedef char check_heapframe_size[
--
2.13.6

10
pcre2.spec
View File

@ -9,7 +9,7 @@
%global rcversion RC1 %global rcversion RC1
Name: pcre2 Name: pcre2
Version: 10.31 Version: 10.31
Release: %{?rcversion:0.}1%{?rcversion:.%rcversion}%{?dist} Release: %{?rcversion:0.}2%{?rcversion:.%rcversion}%{?dist}
%global myversion %{version}%{?rcversion:-%rcversion} %global myversion %{version}%{?rcversion:-%rcversion}
Summary: Perl-compatible regular expression library Summary: Perl-compatible regular expression library
# the library: BSD with exceptions # the library: BSD with exceptions
@ -48,6 +48,9 @@ URL: http://www.pcre.org/
Source: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/%{?rcversion:Testing/}%{name}-%{myversion}.tar.bz2 Source: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/%{?rcversion:Testing/}%{name}-%{myversion}.tar.bz2
# Do no set RPATH if libdir is not /usr/lib # Do no set RPATH if libdir is not /usr/lib
Patch0: pcre2-10.10-Fix-multilib.patch Patch0: pcre2-10.10-Fix-multilib.patch
# Enlarge ovector array match data structure to be large enough in all cases,
# in upstream after 10.31-RC1, oss-fuzz #5415
Patch1: pcre2-10.31-RC1-Increment-dummy-ovector-size-in-internal-structures-.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: coreutils BuildRequires: coreutils
@ -122,6 +125,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test.
%prep %prep
%setup -q -n %{name}-%{myversion} %setup -q -n %{name}-%{myversion}
%patch0 -p1 %patch0 -p1
%patch1 -p1
# Because of multilib patch # Because of multilib patch
libtoolize --copy --force libtoolize --copy --force
autoreconf -vif autoreconf -vif
@ -229,6 +233,10 @@ make %{?_smp_mflags} check VERBOSE=yes
%{_mandir}/man1/pcre2test.* %{_mandir}/man1/pcre2test.*
%changelog %changelog
* Tue Jan 30 2018 Petr Pisar <ppisar@redhat.com> - 10.31-0.2.RC1
- Enlarge ovector array match data structure to be large enough in all cases
(oss-fuzz #5415)
* Mon Jan 15 2018 Petr Pisar <ppisar@redhat.com> - 10.31-0.1.RC1 * Mon Jan 15 2018 Petr Pisar <ppisar@redhat.com> - 10.31-0.1.RC1
- 10.31-RC1 bump - 10.31-RC1 bump