Fix a buffer overflow in partial match test for CRLF in an empty buffer

This commit is contained in:
Petr Písař 2016-12-09 09:11:40 +01:00
parent 546f704a2c
commit 25ee885883
2 changed files with 75 additions and 0 deletions

View File

@ -0,0 +1,69 @@
From d2c8acf36b8d0654c22787facaf8e9cc34d34aec Mon Sep 17 00:00:00 2001
From: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
Date: Thu, 8 Dec 2016 17:55:26 +0000
Subject: [PATCH] Fix buffer overflow in partial match test for CRLF in empty
buffer.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Petr Pisar: Ported to 10.22:
commit ec26c8fe3e0a6ee93060ecd7accaa0803dac2ee1
Author: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
Date: Thu Dec 8 17:55:26 2016 +0000
Fix buffer overflow in partial match test for CRLF in empty buffer.
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@612 6239d852-aaf2-0410-a92c-79f79f948069
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
src/pcre2_match.c | 2 +-
testdata/testinput2 | 3 +++
testdata/testoutput2 | 4 ++++
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/pcre2_match.c b/src/pcre2_match.c
index 0763a23..09efb49 100644
--- a/src/pcre2_match.c
+++ b/src/pcre2_match.c
@@ -2382,7 +2382,7 @@ for (;;)
case OP_ANY:
if (IS_NEWLINE(eptr)) RRETURN(MATCH_NOMATCH);
if (mb->partial != 0 &&
- eptr + 1 >= mb->end_subject &&
+ eptr == mb->end_subject - 1 &&
NLBLOCK->nltype == NLTYPE_FIXED &&
NLBLOCK->nllen == 2 &&
UCHAR21TEST(eptr) == NLBLOCK->nl[0])
diff --git a/testdata/testinput2 b/testdata/testinput2
index 94fbfab..3218cfe 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4825,4 +4825,7 @@ a)"xI
/(?=.*[A-Z])/I
+/./newline=crlf
+\=ph
+
# End of testinput2
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index bdb289d..1776d0d 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -15227,6 +15227,10 @@ Capturing subpattern count = 0
May match empty string
Subject length lower bound = 0
+/./newline=crlf
+\=ph
+No match
+
# End of testinput2
Error -63: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data
--
2.7.4

View File

@ -61,6 +61,9 @@ Patch12: pcre2-10.22-Correct-libpcre2posix-typos-should-be-libpcre2-posix.pat
# Fix a memory leak and a typo in a documentation, in upstream after 10.22, # Fix a memory leak and a typo in a documentation, in upstream after 10.22,
# upstream bug #1973 # upstream bug #1973
Patch13: pcre2-10.22-Fix-small-memory-leak-in-error-code-path.patch Patch13: pcre2-10.22-Fix-small-memory-leak-in-error-code-path.patch
# Fix a buffer overflow in partial match test for CRLF in an empty buffer,
# in upsteam after 10.22, upstream bug #1975
Patch14: pcre2-10.22-Fix-buffer-overflow-in-partial-match-test-for-CRLF-i.patch
# New libtool to get rid of RPATH and to use distribution autotools # New libtool to get rid of RPATH and to use distribution autotools
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -151,6 +154,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test.
%patch11 -p1 %patch11 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p1 %patch13 -p1
%patch14 -p1
# Because of multilib patch # Because of multilib patch
libtoolize --copy --force libtoolize --copy --force
autoreconf -vif autoreconf -vif
@ -250,6 +254,8 @@ make %{?_smp_mflags} check VERBOSE=yes
* Fri Dec 09 2016 Petr Pisar <ppisar@redhat.com> - 10.22-7 * Fri Dec 09 2016 Petr Pisar <ppisar@redhat.com> - 10.22-7
- Fix pcre2-config --libs-posix output (upstream bug #1924) - Fix pcre2-config --libs-posix output (upstream bug #1924)
- Fix a memory leak and a typo in a documentation (upstream bug #1973) - Fix a memory leak and a typo in a documentation (upstream bug #1973)
- Fix a buffer overflow in partial match test for CRLF in an empty buffer
(upstream bug #1975)
* Tue Nov 08 2016 Petr Pisar <ppisar@redhat.com> - 10.22-6 * Tue Nov 08 2016 Petr Pisar <ppisar@redhat.com> - 10.22-6
- Fix faulty auto-anchoring patterns when .* is inside an assertion - Fix faulty auto-anchoring patterns when .* is inside an assertion