From 2dafff64385128c972f3ab61fa27abbd1321e214 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Wed, 22 Mar 2017 11:05:33 +0100
Subject: [PATCH] Fix a memory leak in pcre2_serialize_decode() when the input is invalid
---
...when-deserializing-invalid-data-Bugz.patch | 40 +++++++++++++++++++
pcre2.spec | 6 +++
2 files changed, 46 insertions(+)
create mode 100644 pcre2-10.23-Fix-memory-leak-when-deserializing-invalid-data-Bugz.patch
diff --git a/pcre2-10.23-Fix-memory-leak-when-deserializing-invalid-data-Bugz.patch b/pcre2-10.23-Fix-memory-leak-when-deserializing-invalid-data-Bugz.patch
new file mode 100644
index 0000000..78159ca
--- /dev/null
+++ b/pcre2-10.23-Fix-memory-leak-when-deserializing-invalid-data-Bugz.patch
@@ -0,0 +1,40 @@
+From 0fece4355e2a5d494936d285eb200314112c9a8b Mon Sep 17 00:00:00 2001
+From: ph10
+Date: Tue, 21 Mar 2017 16:25:01 +0000
+Subject: [PATCH] Fix memory leak when deserializing invalid data (Bugzilla
+ 2075).
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@693 6239d852-aaf2-0410-a92c-79f79f948069
+
+Petr Písař: Ported to 10.23.
+
+diff --git a/src/pcre2_serialize.c b/src/pcre2_serialize.c
+index 0af26d8..d2cc603 100644
+--- a/src/pcre2_serialize.c
++++ b/src/pcre2_serialize.c
+@@ -7,7 +7,7 @@ and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+ Original API code Copyright (c) 1997-2012 University of Cambridge
+- New API code Copyright (c) 2016 University of Cambridge
++ New API code Copyright (c) 2016-2017 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -214,7 +214,10 @@ for (i = 0; i < number_of_codes; i++)
+ if (dst_re->magic_number != MAGIC_NUMBER ||
+ dst_re->name_entry_size > MAX_NAME_SIZE + IMM2_SIZE + 1 ||
+ dst_re->name_count > MAX_NAME_COUNT)
++ {
++ memctl->free(dst_re, memctl->memory_data);
+ return PCRE2_ERROR_BADSERIALIZEDDATA;
++ }
+
+ /* At the moment only one table is supported. */
+
+--
+2.7.4
+
diff --git a/pcre2.spec b/pcre2.spec
index f584e00..faa40cd 100644
--- a/pcre2.spec
+++ b/pcre2.spec
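Review bot: The new error branch in the embedded hunk `@@ -214,7 +214,10 @@` frees only the current `dst_re`, yet the hunk header shows the check runs inside `for (i = 0; i < number_of_codes; i++)`, so a malformed entry at i > 0 returns while anything allocated by earlier iterations is presumably still outstanding. The loop body and the rest of pcre2_serialize_decode() lie outside the hunk, so this needs confirming against the full function. If earlier blocks are kept across iterations, the branch should also release them and clear their slots before returning, or the contract should be stated with a comment such as `/* On bad data only the current block is freed; blocks decoded so far are not released here. */`. The visible validation covers only the magic number and the two name-table bounds, so the rest of each copied block is accepted as-is and callers should continue to treat serialized input as trusted data.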
@@ -51,6 +51,9 @@ Patch4: pcre2-10.23-Fix-pcre2test-bug-for-global-match-with-zero-termina.pat
 # Close serialization file in pcre2test after any error, upstream bug #2074,
 # in upstream after 10.23
 Patch5: pcre2-10.23-Close-serialization-file-in-pcre2test-after-any-erro.patch
+# Fix a memory leak in pcre2_serialize_decode() when the input is invalid,
+# upstream bug #2075, in upsream after 10.23.
+Patch6: pcre2-10.23-Fix-memory-leak-when-deserializing-invalid-data-Bugz.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: coreutils
@@ -132,6 +135,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 # Because of multilib patch
 libtoolize --copy --force
 autoreconf -vif
@@ -232,6 +236,8 @@ make %{?_smp_mflags} check VERBOSE=yes
 %changelog
 * Wed Mar 22 2017 Petr Pisar - 10.23-4
 - Close serialization file in pcre2test after any error (upstream bug #2074)
+- Fix a memory leak in pcre2_serialize_decode() when the input is invalid
+ (upstream bug #2075)
 
 * Mon Mar 20 2017 Petr Pisar - 10.23-3
 - Fix an internal error for a forward reference in a lookbehind with
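Review bot: The comment added above `Patch6:` in the first hunk misspells "upstream" as `upsream`, which makes the line easy to miss when grepping the spec for patches to drop on the next rebase. It should read `# upstream bug #2075, in upstream after 10.23.`, matching the wording used for Patch5 just above.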