diff --git a/pcre2-10.22-Fix-buffer-overflow-in-partial-match-test-for-CRLF-i.patch b/pcre2-10.22-Fix-buffer-overflow-in-partial-match-test-for-CRLF-i.patch
new file mode 100644
index 0000000..893913b
--- /dev/null
+++ b/pcre2-10.22-Fix-buffer-overflow-in-partial-match-test-for-CRLF-i.patch
@@ -0,0 +1,69 @@
+From d2c8acf36b8d0654c22787facaf8e9cc34d34aec Mon Sep 17 00:00:00 2001
+From: ph10
+Date: Thu, 8 Dec 2016 17:55:26 +0000
+Subject: [PATCH] Fix buffer overflow in partial match test for CRLF in empty
+ buffer.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Petr Pisar: Ported to 10.22:
+
+commit ec26c8fe3e0a6ee93060ecd7accaa0803dac2ee1
+Author: ph10
+Date: Thu Dec 8 17:55:26 2016 +0000
+
+ Fix buffer overflow in partial match test for CRLF in empty buffer.
+
+ git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@612 6239d852-aaf2-0410-a92c-79f79f948069
+
+Signed-off-by: Petr Písař
+---
+ src/pcre2_match.c | 2 +-
+ testdata/testinput2 | 3 +++
+ testdata/testoutput2 | 4 ++++
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/pcre2_match.c b/src/pcre2_match.c
+index 0763a23..09efb49 100644
+--- a/src/pcre2_match.c
++++ b/src/pcre2_match.c
+@@ -2382,7 +2382,7 @@ for (;;)
+ case OP_ANY:
+ if (IS_NEWLINE(eptr)) RRETURN(MATCH_NOMATCH);
+ if (mb->partial != 0 &&
+- eptr + 1 >= mb->end_subject &&
++ eptr == mb->end_subject - 1 &&
+ NLBLOCK->nltype == NLTYPE_FIXED &&
+ NLBLOCK->nllen == 2 &&
+ UCHAR21TEST(eptr) == NLBLOCK->nl[0])
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index 94fbfab..3218cfe 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4825,4 +4825,7 @@ a)"xI
+
+ /(?=.*[A-Z])/I
+
++/./newline=crlf
++\=ph
++
+ # End of testinput2
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index bdb289d..1776d0d 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -15227,6 +15227,10 @@ Capturing subpattern count = 0
+ May match empty string
+ Subject length lower bound = 0
+
++/./newline=crlf
++\=ph
++No match
++
+ # End of testinput2
+ Error -63: PCRE2_ERROR_BADDATA (unknown error number)
+ Error -62: bad serialized data
+--
+2.7.4
+
diff --git a/pcre2.spec b/pcre2.spec
index 410c59d..398ba9d 100644
--- a/pcre2.spec
+++ b/pcre2.spec
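Review bot: The regression test added to testdata/testinput2 (`/./newline=crlf` with an empty `\=ph` subject) probably cannot fail on its own. The old condition `eptr + 1 >= mb->end_subject` only let `UCHAR21TEST(eptr)` read one code unit at `end_subject`, so the output would presumably stay `No match` unless that stray unit happened to equal `NLBLOCK->nl[0]`. It is worth running the test suite under a memory checker (valgrind or AddressSanitizer) once for this build. A second subject line `\=ps` would also help, since the guard `mb->partial != 0` covers soft partial matching too; its expected output should likewise be `No match`, to be confirmed with pcre2test. In the code itself, `eptr == mb->end_subject - 1` may form a pointer before the start of the buffer when the subject is empty, which `mb->end_subject - eptr == 1 &&` would avoid. The OP_ANY case continues outside the inner hunk, so any later re-check of `eptr` against `end_subject` is not visible here.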
@@ -61,6 +61,9 @@ Patch12: pcre2-10.22-Correct-libpcre2posix-typos-should-be-libpcre2-posix.pat # Fix a memory leak and a typo in a documentation, in upstream after 10.22, # upstream bug #1973 Patch13: pcre2-10.22-Fix-small-memory-leak-in-error-code-path.patch +# Fix a buffer overflow in partial match test for CRLF in an empty buffer, +# in upsteam after 10.22, upstream bug #1975 +Patch14: pcre2-10.22-Fix-buffer-overflow-in-partial-match-test-for-CRLF-i.patch # New libtool to get rid of RPATH and to use distribution autotools BuildRequires: autoconf BuildRequires: automake @@ -151,6 +154,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test. %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 # Because of multilib patch libtoolize --copy --force autoreconf -vif @@ -250,6 +254,8 @@ make %{?_smp_mflags} check VERBOSE=yes * Fri Dec 09 2016 Petr Pisar - 10.22-7 - Fix pcre2-config --libs-posix output (upstream bug #1924) - Fix a memory leak and a typo in a documentation (upstream bug #1973) +- Fix a buffer overflow in partial match test for CRLF in an empty buffer + (upstream bug #1975) * Tue Nov 08 2016 Petr Pisar - 10.22-6 - Fix faulty auto-anchoring patterns when .* is inside an assertion