Fix SEGFAULT caused by dereferencing subject when length==0 on aarch64
Resolves: RHEL-51866
parent
29947c5288
commit
0715e9e4f0
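--- a/pcre2-10.42-jit-fail-early-in-ffcps_-if-subject.patch
+++ b/pcre2-10.42-jit-fail-early-in-ffcps_-if-subject.patch
@@ -0,0 +1,33 @@
+From f2411acb3711a44497539d17b245bd366d9c26d7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= <carenas@gmail.com>
+Date: Mon, 12 Dec 2022 08:32:42 -0800
+Subject: [PATCH] jit: fail early in ffcps_* if subject shorter than offs1
+(#175)
+
+FF_FUN would try loading a vector from an invalid address
+triggering a crash.
+
+Add the same check that is done in the x86/s390x implementations
+and that was missing from the original code.
+
+Fixes: #86
+---
+src/pcre2_jit_neon_inc.h | 2 ++
+1 file changed, 2 insertions(+)
+
+diff --git a/src/pcre2_jit_neon_inc.h b/src/pcre2_jit_neon_inc.h
+index e74adf12..165602ed 100644
+--- a/src/pcre2_jit_neon_inc.h
++++ b/src/pcre2_jit_neon_inc.h
+@@ -183,6 +183,8 @@ restart:;
+#endif
+
+#if defined(FFCPS)
++if (str_ptr >= str_end)
++ return NULL;
+sljit_u8 *p1 = str_ptr - diff;
+#endif
+sljit_s32 align_offset = ((uint64_t)str_ptr & 0xf);
+--
+2.45.1
+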
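Review bot: The guard added under `#if defined(FFCPS)` in src/pcre2_jit_neon_inc.h ships without a regression test: the embedded patch's diffstat is one file and two insertions, so the spec's `make check` run would not notice if the guard were lost on a later rebase. A JIT match against a zero-length subject on aarch64, the case the changelog names, is worth adding to the package's test step or a downstream test. The two new lines would also benefit from a short comment such as `/* Nothing left to scan: the vector load below would read from an invalid address. */`. The check sits only inside the FFCPS branch, and FF_FUN's body begins and ends outside the hunk, so whether the other variants are already protected by their callers cannot be confirmed from here.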
@ -9,7 +9,7 @@
|
|||||||
#%%global rcversion RC1
|
#%%global rcversion RC1
|
||||||
Name: pcre2
|
Name: pcre2
|
||||||
Version: 10.40
|
Version: 10.40
|
||||||
Release: %{?rcversion:0.}5%{?rcversion:.%rcversion}%{?dist}
|
Release: %{?rcversion:0.}6%{?rcversion:.%rcversion}%{?dist}
|
||||||
%global myversion %{version}%{?rcversion:-%rcversion}
|
%global myversion %{version}%{?rcversion:-%rcversion}
|
||||||
Summary: Perl-compatible regular expression library
|
Summary: Perl-compatible regular expression library
|
||||||
# the library: BSD with exceptions
|
# the library: BSD with exceptions
|
||||||
@ -58,6 +58,8 @@ Patch1: pcre2-10.40-Fix-JIT-regression-in-PHP.patch
|
|||||||
# https://github.com/PCRE2Project/pcre2/commit/457c0e69a8f78d32bc7d4b6422cd01e396a4cf5d
|
# https://github.com/PCRE2Project/pcre2/commit/457c0e69a8f78d32bc7d4b6422cd01e396a4cf5d
|
||||||
Patch2: pcre2-10.42-Match-also-restore-originally-unset-entries-in-recur.patch
|
Patch2: pcre2-10.42-Match-also-restore-originally-unset-entries-in-recur.patch
|
||||||
Patch3: pcre2-10.42-Add-more-examples-fixed-by-300.patch
|
Patch3: pcre2-10.42-Add-more-examples-fixed-by-300.patch
|
||||||
|
# Upstream patch: https://github.com/PCRE2Project/pcre2/commit/f2411acb3711a44497539d17b245bd366d9c26d7
|
||||||
|
Patch4: pcre2-10.42-jit-fail-early-in-ffcps_-if-subject.patch
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -265,6 +267,10 @@ make %{?_smp_mflags} check VERBOSE=yes
|
|||||||
%{_mandir}/man1/pcre2test.*
|
%{_mandir}/man1/pcre2test.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 31 2024 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-6
|
||||||
|
- Fix SEGFAULT caused by dereferencing subject when length==0 on aarch64
|
||||||
|
- Resolves: RHEL-51866
|
||||||
|
|
||||||
* Fri Feb 16 2024 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-5
|
* Fri Feb 16 2024 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-5
|
||||||
- Rebuilt for added pcre2-tools into CRB
|
- Rebuilt for added pcre2-tools into CRB
|
||||||
|
|
||||||
|