From 2a84c20cef8e83c598eabab2ed24c216a1720cb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Tue, 2 Jun 2020 16:36:53 +0200 Subject: [PATCH] Fix an infinite loop when a single-byte newline is search in JIT if an invalid UTF-8 mode is enabled --- ...op-when-a-single-byte-newline-is-sea.patch | 157 ++++++++++++++++++ pcre2.spec | 10 +- 2 files changed, 166 insertions(+), 1 deletion(-) create mode 100644 pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch diff --git a/pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch b/pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch new file mode 100644 index 0000000..254258d --- /dev/null +++ b/pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch @@ -0,0 +1,157 @@ +From 58040c3b15f966857eef0b35885800f0805e7c7a Mon Sep 17 00:00:00 2001 +From: zherczeg +Date: Fri, 29 May 2020 14:20:23 +0000 +Subject: [PATCH] Fix inifinite loop when a single byte newline is searched in + JIT. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1258 6239d852-aaf2-0410-a92c-79f79f948069 +Petr Písař: Ported to 10.35. +--- + src/pcre2_jit_compile.c | 9 ++++++++- + src/pcre2_jit_test.c | 38 +++++++++++++++++++++++++------------- + +diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c +index 33ad7e6..4a3ddd8 100644 +--- a/src/pcre2_jit_compile.c ++++ b/src/pcre2_jit_compile.c +@@ -4578,7 +4578,14 @@ if (common->nltype != NLTYPE_ANY) + /* All newlines are ascii, just skip intermediate octets. */ + jump[0] = CMP(SLJIT_GREATER_EQUAL, STR_PTR, 0, STR_END, 0); + loop = LABEL(); +- OP1(MOV_UCHAR, TMP2, 0, SLJIT_MEM1(STR_PTR), IN_UCHARS(0)); ++ if (sljit_emit_mem(compiler, MOV_UCHAR | SLJIT_MEM_SUPP | SLJIT_MEM_POST, TMP2, SLJIT_MEM1(STR_PTR), IN_UCHARS(1)) == SLJIT_SUCCESS) ++ sljit_emit_mem(compiler, MOV_UCHAR | SLJIT_MEM_POST, TMP2, SLJIT_MEM1(STR_PTR), IN_UCHARS(1)); ++ else ++ { ++ OP1(MOV_UCHAR, TMP2, 0, SLJIT_MEM1(STR_PTR), IN_UCHARS(0)); ++ OP2(SLJIT_ADD, STR_PTR, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(1)); ++ } ++ + OP2(SLJIT_AND, TMP2, 0, TMP2, 0, SLJIT_IMM, 0xc0); + CMPTO(SLJIT_EQUAL, TMP2, 0, SLJIT_IMM, 0x80, loop); + OP2(SLJIT_SUB, STR_PTR, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(1)); +diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c +index a29fffa..16dade7 100644 +--- a/src/pcre2_jit_test.c ++++ b/src/pcre2_jit_test.c +@@ -1831,7 +1831,9 @@ struct invalid_utf8_regression_test_case { + const char *input; + }; + +-static struct invalid_utf8_regression_test_case invalid_utf8_regression_test_cases[] = { ++static const char invalid_utf8_newline_cr; ++ ++static const struct invalid_utf8_regression_test_case invalid_utf8_regression_test_cases[] = { + { UDA, CI, 0, 0, 0, 0, 4, { ".", NULL }, "\xf4\x8f\xbf\xbf" }, + { UDA, CI, 0, 0, 0, 0, 4, { ".", NULL }, "\xf0\x90\x80\x80" }, + { UDA, CI, 0, 0, 0, -1, -1, { ".", NULL }, "\xf4\x90\x80\x80" }, +@@ -1974,6 +1976,8 @@ static struct invalid_utf8_regression_test_case invalid_utf8_regression_test_cas + { 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\X{2}", NULL }, "\r\n\n" }, + { 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\R{2}", NULL }, "\r\n\n" }, + ++ { PCRE2_UTF | PCRE2_MULTILINE, CI, 0, 0, 0, -1, -1, { "^.a", &invalid_utf8_newline_cr }, "\xc3\xa7#a" }, ++ + { 0, 0, 0, 0, 0, 0, 0, { NULL, NULL }, NULL } + }; + +@@ -1981,7 +1985,7 @@ static struct invalid_utf8_regression_test_case invalid_utf8_regression_test_cas + #undef CI + #undef CPI + +-static int run_invalid_utf8_test(struct invalid_utf8_regression_test_case *current, ++static int run_invalid_utf8_test(const struct invalid_utf8_regression_test_case *current, + int pattern_index, int i, pcre2_compile_context_8 *ccontext, pcre2_match_data_8 *mdata) + { + pcre2_code_8 *code; +@@ -2034,7 +2038,7 @@ static int run_invalid_utf8_test(struct invalid_utf8_regression_test_case *curre + + static int invalid_utf8_regression_tests(void) + { +- struct invalid_utf8_regression_test_case *current; ++ const struct invalid_utf8_regression_test_case *current; + pcre2_compile_context_8 *ccontext; + pcre2_match_data_8 *mdata; + int total = 0, successful = 0; +@@ -2051,10 +2055,18 @@ static int invalid_utf8_regression_tests(void) + total++; + + result = 1; +- if (!run_invalid_utf8_test(current, total - 1, 0, ccontext, mdata)) +- result = 0; +- if (!run_invalid_utf8_test(current, total - 1, 1, ccontext, mdata)) +- result = 0; ++ if (current->pattern[1] != &invalid_utf8_newline_cr) ++ { ++ if (!run_invalid_utf8_test(current, total - 1, 0, ccontext, mdata)) ++ result = 0; ++ if (!run_invalid_utf8_test(current, total - 1, 1, ccontext, mdata)) ++ result = 0; ++ } else { ++ pcre2_set_newline_8(ccontext, PCRE2_NEWLINE_CR); ++ if (!run_invalid_utf8_test(current, total - 1, 0, ccontext, mdata)) ++ result = 0; ++ pcre2_set_newline_8(ccontext, PCRE2_NEWLINE_ANY); ++ } + + if (result) { + successful++; +@@ -2128,7 +2140,7 @@ static PCRE2_UCHAR16 test16_10[] = { ' ', 0xdc00, 0xd800, 0x2028, '#', 0 }; + static PCRE2_UCHAR16 test16_11[] = { 0xdc00, 0xdc00, 0xd800, 0xdc00, 0xdc00, '#', 0xd800, 0xdc00, '#', 0 }; + static PCRE2_UCHAR16 test16_12[] = { '#', 0xd800, 0xdc00, 0xd800, '#', 0xd800, 0xdc00, 0xdc00, 0xdc00, '#', 0xd800, 0xdc00, '#', 0 }; + +-static struct invalid_utf16_regression_test_case invalid_utf16_regression_test_cases[] = { ++static const struct invalid_utf16_regression_test_case invalid_utf16_regression_test_cases[] = { + { UDA, CI, 0, 0, 0, 0, 1, { allany16, NULL }, test16_1 }, + { UDA, CI, 1, 0, 0, 1, 2, { allany16, NULL }, test16_1 }, + { UDA, CI, 2, 0, 0, 2, 3, { allany16, NULL }, test16_1 }, +@@ -2182,7 +2194,7 @@ static struct invalid_utf16_regression_test_case invalid_utf16_regression_test_c + #undef CI + #undef CPI + +-static int run_invalid_utf16_test(struct invalid_utf16_regression_test_case *current, ++static int run_invalid_utf16_test(const struct invalid_utf16_regression_test_case *current, + int pattern_index, int i, pcre2_compile_context_16 *ccontext, pcre2_match_data_16 *mdata) + { + pcre2_code_16 *code; +@@ -2242,7 +2254,7 @@ static int run_invalid_utf16_test(struct invalid_utf16_regression_test_case *cur + + static int invalid_utf16_regression_tests(void) + { +- struct invalid_utf16_regression_test_case *current; ++ const struct invalid_utf16_regression_test_case *current; + pcre2_compile_context_16 *ccontext; + pcre2_match_data_16 *mdata; + int total = 0, successful = 0; +@@ -2329,7 +2341,7 @@ static PCRE2_UCHAR32 test32_4[] = { '#', 0x10ffff, 0x110000, 0 }; + static PCRE2_UCHAR32 test32_5[] = { ' ', 0x2028, '#', 0 }; + static PCRE2_UCHAR32 test32_6[] = { ' ', 0x110000, 0x2028, '#', 0 }; + +-static struct invalid_utf32_regression_test_case invalid_utf32_regression_test_cases[] = { ++static const struct invalid_utf32_regression_test_case invalid_utf32_regression_test_cases[] = { + { UDA, CI, 0, 0, 0, 0, 1, { allany32, NULL }, test32_1 }, + { UDA, CI, 2, 0, 0, -1, -1, { allany32, NULL }, test32_1 }, + { UDA, CI, 0, 0, 0, 0, 1, { allany32, NULL }, test32_2 }, +@@ -2369,7 +2381,7 @@ static struct invalid_utf32_regression_test_case invalid_utf32_regression_test_c + #undef CI + #undef CPI + +-static int run_invalid_utf32_test(struct invalid_utf32_regression_test_case *current, ++static int run_invalid_utf32_test(const struct invalid_utf32_regression_test_case *current, + int pattern_index, int i, pcre2_compile_context_32 *ccontext, pcre2_match_data_32 *mdata) + { + pcre2_code_32 *code; +@@ -2429,7 +2441,7 @@ static int run_invalid_utf32_test(struct invalid_utf32_regression_test_case *cur + + static int invalid_utf32_regression_tests(void) + { +- struct invalid_utf32_regression_test_case *current; ++ const struct invalid_utf32_regression_test_case *current; + pcre2_compile_context_32 *ccontext; + pcre2_match_data_32 *mdata; + int total = 0, successful = 0; +-- +2.25.4 + diff --git a/pcre2.spec b/pcre2.spec index 8a6743f..8c00935 100644 --- a/pcre2.spec +++ b/pcre2.spec @@ -9,7 +9,7 @@ #%%global rcversion RC1 Name: pcre2 Version: 10.35 -Release: %{?rcversion:0.}2%{?rcversion:.%rcversion}%{?dist} +Release: %{?rcversion:0.}3%{?rcversion:.%rcversion}%{?dist} %global myversion %{version}%{?rcversion:-%rcversion} Summary: Perl-compatible regular expression library # the library: BSD with exceptions @@ -57,6 +57,9 @@ Patch1: pcre2-10.35-Apply-H.J.-Lu-s-patch-to-pass-mshstk-to-the-compiler.pat # 2/2 Enable shadow stack built-in functions if -fcf-protection compiler flag is # used, upstream bug #2578, in upstream after 10.35 Patch2: pcre2-10.35-Fix-previous-commit-include-CET_CFLAGS-in-16-bit-and.patch +# Fix an infinite loop when a single-byte newline is search in JIT if an +# invalid UTF-8 mode is enabled, upstream bug #2581, in upstream after 10.35 +Patch3: pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: coreutils @@ -150,6 +153,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 # Because of multilib patch libtoolize --copy --force autoreconf -vif @@ -263,6 +267,10 @@ make %{?_smp_mflags} check VERBOSE=yes %{_mandir}/man1/pcre2test.* %changelog +* Tue Jun 02 2020 Petr Pisar - 10.35-3 +- Fix an infinite loop when a single-byte newline is search in JIT if an + invalid UTF-8 mode is enabled (upstream bug #2581) + * Wed May 27 2020 Petr Pisar - 10.35-2 - Enable shadow stack built-in functions if -fcf-protection compiler flag is used by patching a build script (upstream bug #2578)