Fix a memory leak in pcre2_serialize_decode() when the input is invalid

This commit is contained in:
Petr Písař 2017-03-22 11:05:33 +01:00
parent 9c421654ce
commit 2dafff6438
2 changed files with 46 additions and 0 deletions

View File

@ -0,0 +1,40 @@
From 0fece4355e2a5d494936d285eb200314112c9a8b Mon Sep 17 00:00:00 2001
From: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
Date: Tue, 21 Mar 2017 16:25:01 +0000
Subject: [PATCH] Fix memory leak when deserializing invalid data (Bugzilla
2075).
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@693 6239d852-aaf2-0410-a92c-79f79f948069
Petr Písař: Ported to 10.23.
diff --git a/src/pcre2_serialize.c b/src/pcre2_serialize.c
index 0af26d8..d2cc603 100644
--- a/src/pcre2_serialize.c
+++ b/src/pcre2_serialize.c
@@ -7,7 +7,7 @@ and semantics are as close as possible to those of the Perl 5 language.
Written by Philip Hazel
Original API code Copyright (c) 1997-2012 University of Cambridge
- New API code Copyright (c) 2016 University of Cambridge
+ New API code Copyright (c) 2016-2017 University of Cambridge
-----------------------------------------------------------------------------
Redistribution and use in source and binary forms, with or without
@@ -214,7 +214,10 @@ for (i = 0; i < number_of_codes; i++)
if (dst_re->magic_number != MAGIC_NUMBER ||
dst_re->name_entry_size > MAX_NAME_SIZE + IMM2_SIZE + 1 ||
dst_re->name_count > MAX_NAME_COUNT)
+ {
+ memctl->free(dst_re, memctl->memory_data);
return PCRE2_ERROR_BADSERIALIZEDDATA;
+ }
/* At the moment only one table is supported. */
--
2.7.4

View File

@ -51,6 +51,9 @@ Patch4: pcre2-10.23-Fix-pcre2test-bug-for-global-match-with-zero-termina.pat
# Close serialization file in pcre2test after any error, upstream bug #2074,
# in upstream after 10.23
Patch5: pcre2-10.23-Close-serialization-file-in-pcre2test-after-any-erro.patch
# Fix a memory leak in pcre2_serialize_decode() when the input is invalid,
# upstream bug #2075, in upsream after 10.23.
Patch6: pcre2-10.23-Fix-memory-leak-when-deserializing-invalid-data-Bugz.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: coreutils
@ -132,6 +135,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test.
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
# Because of multilib patch
libtoolize --copy --force
autoreconf -vif
@ -232,6 +236,8 @@ make %{?_smp_mflags} check VERBOSE=yes
%changelog
* Wed Mar 22 2017 Petr Pisar <ppisar@redhat.com> - 10.23-4
- Close serialization file in pcre2test after any error (upstream bug #2074)
- Fix a memory leak in pcre2_serialize_decode() when the input is invalid
(upstream bug #2075)
* Mon Mar 20 2017 Petr Pisar <ppisar@redhat.com> - 10.23-3
- Fix an internal error for a forward reference in a lookbehind with