From 34a7a87211624e7c5767dd728801575dbdd176e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Wed, 22 Mar 2017 11:35:51 +0100
Subject: [PATCH] Fix 32-bit error buffer size bug in pcre2test
---
 ...-buffer-size-bug-in-pcre2test-Bugzil.patch | 122 ++++++++++++++++++
 ...revious-patch-was-not-quite-complete.patch | 73 +++++++++++
 pcre2.spec | 9 ++
 3 files changed, 204 insertions(+)
 create mode 100644 pcre2-10.23-Fix-32-bit-error-buffer-size-bug-in-pcre2test-Bugzil.patch
 create mode 100644 pcre2-10.23-Previous-patch-was-not-quite-complete.patch
diff --git a/pcre2-10.23-Fix-32-bit-error-buffer-size-bug-in-pcre2test-Bugzil.patch b/pcre2-10.23-Fix-32-bit-error-buffer-size-bug-in-pcre2test-Bugzil.patch
new file mode 100644
index 0000000..b0bf21e
--- /dev/null
+++ b/pcre2-10.23-Fix-32-bit-error-buffer-size-bug-in-pcre2test-Bugzil.patch
@@ -0,0 +1,122 @@
+From 85f8f579ac7aa268290ed7bd3aca90d927a9b7e9 Mon Sep 17 00:00:00 2001
+From: ph10
+Date: Tue, 21 Mar 2017 17:46:21 +0000
+Subject: [PATCH 1/2] Fix 32-bit error buffer size bug in pcre2test (Bugzilla
+ 2079).
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@696 6239d852-aaf2-0410-a92c-79f79f948069
+
+Petr Písař: Ported to 10.23.
+---
+ doc/pcre2api.3 | 10 +++++-----
+ src/pcre2_error.c | 2 +-
+ src/pcre2test.c | 7 ++++---
+ testdata/testinput2 | 2 ++
+ testdata/testoutput2 | 3 +++
+
+diff --git a/doc/pcre2api.3 b/doc/pcre2api.3
+index e0a434a..0a3d2ee 100644
+--- a/doc/pcre2api.3
++++ b/doc/pcre2api.3
+@@ -1,4 +1,4 @@
+-.TH PCRE2API 3 "24 December 2016" "PCRE2 10.23"
++.TH PCRE2API 3 "21 March 2017" "PCRE2 10.30"
+ .SH NAME
+ PCRE2 - Perl-compatible regular expressions (revised API)
+ .sp
+@@ -2633,8 +2633,8 @@ The internal recursion limit was reached.
+ A text message for an error code from any PCRE2 function (compile, match, or
+ auxiliary) can be obtained by calling \fBpcre2_get_error_message()\fP. The code
+ is passed as the first argument, with the remaining two arguments specifying a
+-code unit buffer and its length, into which the text message is placed. Note
+-that the message is returned in code units of the appropriate width for the
++code unit buffer and its length in code units, into which the text message is
++placed. The message is returned in code units of the appropriate width for the
+ library that is being used.
+ .P
+ The returned message is terminated with a trailing zero, and the function
+@@ -3321,6 +3321,6 @@ Cambridge, England.
+ .rs
+ .sp
+ .nf
+-Last updated: 23 December 2016
+-Copyright (c) 1997-2016 University of Cambridge.
++Last updated: 21 March 2017
++Copyright (c) 1997-2017 University of Cambridge.
+ .fi
+diff --git a/src/pcre2_error.c b/src/pcre2_error.c
+index 9eab4fc..e25c7e6 100644
+--- a/src/pcre2_error.c
++++ b/src/pcre2_error.c
+@@ -271,7 +271,7 @@ distinct.
+ Arguments:
+ enumber error number
+ buffer where to put the message (zero terminated)
+- size size of the buffer
++ size size of the buffer in code units
+
+ Returns: length of message if all is well
+ negative on error
+diff --git a/src/pcre2test.c b/src/pcre2test.c
+index b6d3ec9..9289656 100644
+--- a/src/pcre2test.c
++++ b/src/pcre2test.c
+@@ -2889,7 +2889,7 @@ if (pbuffer32_size < 4*len + 4)
+ {
+ if (pbuffer32 != NULL) free(pbuffer32);
+ pbuffer32_size = 4*len + 4;
+- if (pbuffer32_size < 256) pbuffer32_size = 256;
++ if (pbuffer32_size < 512) pbuffer32_size = 512;
+ pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
+ if (pbuffer32 == NULL)
+ {
+@@ -7600,7 +7600,8 @@ if (arg_error != NULL)
+ int errcode;
+ char *endptr;
+
+-/* Ensure the relevant non-8-bit buffer is available. */
++/* Ensure the relevant non-8-bit buffer is available. Ensure that it is at
++least 128 code units, because it is used for retrieving error messages. */
+
+ #ifdef SUPPORT_PCRE2_16
+ if (test_mode == PCRE16_MODE)
+@@ -7620,7 +7621,7 @@ if (arg_error != NULL)
+ #ifdef SUPPORT_PCRE2_32
+ if (test_mode == PCRE32_MODE)
+ {
+- pbuffer32_size = 256;
++ pbuffer32_size = 512;
+ pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
+ if (pbuffer32 == NULL)
+ {
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index 5a77e88..d62e975 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -5017,4 +5017,6 @@ a)"xI
+
+ /(?
+Date: Tue, 21 Mar 2017 18:36:13 +0000
+Subject: [PATCH 2/2] Previous patch was not quite complete.
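Review bot: The new floor of 512 in the two src/pcre2test.c hunks (`if (pbuffer32_size < 512) pbuffer32_size = 512;` at -2889 and `pbuffer32_size = 512;` at -7620) is a byte count, while the comment added at -7600 states the requirement as 128 code units, and nothing in the code ties the two numbers together. Writing the allocation size as `pbuffer32_size = 128 * sizeof(uint32_t);` would keep the unit visible where the buffer is sized. This patch on its own still leaves the PCRE2_GET_ERROR_MESSAGE call sites passing the byte count as a length in code units, so the bound handed to the library stays four times larger than the 32-bit buffer until the second patch is applied; the two should not be carried separately. The 16-bit branch after the -7600 comment runs past the end of the hunk, so whether pbuffer16 also meets the 128-unit minimum cannot be confirmed from here.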
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@697 6239d852-aaf2-0410-a92c-79f79f948069
+Signed-off-by: Petr Písař
+---
+ src/pcre2test.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/src/pcre2test.c b/src/pcre2test.c
+index 9289656..b979dd1 100644
+--- a/src/pcre2test.c
++++ b/src/pcre2test.c
+@@ -1017,9 +1017,9 @@ are supported. */
+ if (test_mode == PCRE8_MODE) \
+ r = pcre2_get_error_message_8(a,G(b,8),G(G(b,8),_size)); \
+ else if (test_mode == PCRE16_MODE) \
+- r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size)); \
++ r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2)); \
+ else \
+- r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
++ r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
+
+ #define PCRE2_GET_OVECTOR_COUNT(a,b) \
+ if (test_mode == PCRE8_MODE) \
+@@ -1399,6 +1399,9 @@ the three different cases. */
+
+ /* ----- Common macros for two-mode cases ----- */
+
++#define BYTEONE (BITONE/8)
++#define BYTETWO (BITTWO/8)
++
+ #define CASTFLD(t,a,b) \
+ ((test_mode == G(G(PCRE,BITONE),_MODE))? (t)(G(a,BITONE)->b) : \
+ (t)(G(a,BITTWO)->b))
+@@ -1481,9 +1484,9 @@ the three different cases. */
+
+ #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
+ if (test_mode == G(G(PCRE,BITONE),_MODE)) \
+- r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size)); \
++ r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size/BYTEONE)); \
+ else \
+- r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size))
++ r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size/BYTETWO))
+
+ #define PCRE2_GET_OVECTOR_COUNT(a,b) \
+ if (test_mode == G(G(PCRE,BITONE),_MODE)) \
+@@ -1904,7 +1907,7 @@ the three different cases. */
+ #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
+ a = pcre2_dfa_match_16(G(b,16),(PCRE2_SPTR16)c,d,e,f,G(g,16),h,i,j)
+ #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
+- r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size))
++ r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2))
+ #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_16(G(b,16))
+ #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_16(G(b,16))
+ #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_16(G(a,16),b)
+@@ -2000,7 +2003,7 @@ the three different cases. */
+ #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
+ a = pcre2_dfa_match_32(G(b,32),(PCRE2_SPTR32)c,d,e,f,G(g,32),h,i,j)
+ #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
+- r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
++ r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
+ #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_32(G(b,32))
+ #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_32(G(b,32))
+ #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_32(G(a,32),b)
+--
+2.7.4
+
diff --git a/pcre2.spec b/pcre2.spec
index 5d8a79d..cc6085b 100644
--- a/pcre2.spec
+++ b/pcre2.spec
@@ -58,6 +58,12 @@ Patch6: pcre2-10.23-Fix-memory-leak-when-deserializing-invalid-data-Bugz.pat
 # a NULL pattern pointer when Unicode support is available, upstream bug #2076,
 # in upstream after 10.23
 Patch7: pcre2-10.23-Fix-NULL-deference-if-pcre2_callout_enumerate-is-cal.patch
+# 1/2 Fix 32-bit error buffer size bug in pcre2test, upstream bug #2079,
+# in upstream after 10.23
+Patch8: pcre2-10.23-Fix-32-bit-error-buffer-size-bug-in-pcre2test-Bugzil.patch
+# 2/2 Fix 32-bit error buffer size bug in pcre2test, upstream bug #2079,
+# in upstream after 10.23
+Patch9: pcre2-10.23-Previous-patch-was-not-quite-complete.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: coreutils
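Review bot: In the three-mode and single-mode PCRE2_GET_ERROR_MESSAGE macros the divisor sits inside the pasted argument, `G(G(b,32),_size/4)`, which yields `pbuffer32_size/4` only if G() is a plain token paste that glues `_size` and leaves `/4` trailing; G's definition is outside these hunks, so that is inferred from its other uses. Dividing after the paste, `G(G(b,32),_size)/4`, should expand to the same expression and does not depend on that detail. The literal 2 and 4 also repeat by hand what the two-mode variant derives through BYTEONE/BYTETWO, and for the 32-bit case `sizeof(uint32_t)` would name the unit directly, since the first patch shows pbuffer32 allocated as `uint32_t *`. Because this argument is the only bound on how much the library writes into the buffer, a comment on each macro such as `/* _size is in bytes; pcre2_get_error_message() takes code units */` would record why the division is there.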
@@ -141,6 +147,8 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 # Because of multilib patch libtoolize --copy --force autoreconf -vif @@ -245,6 +253,7 @@ make %{?_smp_mflags} check VERBOSE=yes (upstream bug #2075) - Fix a potential NULL dereference in pcre2_callout_enumerate() if called with a NULL pattern pointer when Unicode support is available (upstream bug #2076) +- Fix 32-bit error buffer size bug in pcre2test (upstream bug #2079) * Mon Mar 20 2017 Petr Pisar - 10.23-3 - Fix an internal error for a forward reference in a lookbehind with