From fc9ba26bc72de0344465e6598ac9773c7f1147ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Thu, 11 Feb 2016 09:33:11 +0100
Subject: [PATCH] Fix workspace overflow for (*ACCEPT) with deeply nested parentheses
---
...erflow-for-deep-nested-parentheses-w.patch | 152 ++++++++++++++++++
pcre2.spec | 6 +
2 files changed, 158 insertions(+)
create mode 100644 pcre2-10.21-Fix-workspace-overflow-for-deep-nested-parentheses-w.patch
diff --git a/pcre2-10.21-Fix-workspace-overflow-for-deep-nested-parentheses-w.patch b/pcre2-10.21-Fix-workspace-overflow-for-deep-nested-parentheses-w.patch
new file mode 100644
index 0000000..19f6416
--- /dev/null
+++ b/pcre2-10.21-Fix-workspace-overflow-for-deep-nested-parentheses-w.patch
@@ -0,0 +1,152 @@ +From a7d81bb826ca2aa2c46e3297112589cccab359b3 Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Wed, 10 Feb 2016 18:24:02 +0000 +Subject: [PATCH] Fix workspace overflow for deep nested parentheses with + (*ACCEPT). +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@489 6239d852-aaf2-0410-a92c-79f79f948069 + +Petr Písař: Ported to 10.21. + +diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c +index e33d620..887fbfd 100644 +--- a/src/pcre2_compile.c ++++ b/src/pcre2_compile.c +@@ -5901,10 +5901,22 @@ for (;; ptr++) + goto FAILED; + } + cb->had_accept = TRUE; ++ ++ /* In the first pass, just accumulate the length required; ++ otherwise hitting (*ACCEPT) inside many nested parentheses can ++ cause workspace overflow. */ ++ + for (oc = cb->open_caps; oc != NULL; oc = oc->next) + { +- *code++ = OP_CLOSE; +- PUT2INC(code, 0, oc->number); ++ if (lengthptr != NULL) ++ { ++ *lengthptr += CU2BYTES(1) + IMM2_SIZE; ++ } ++ else ++ { ++ *code++ = OP_CLOSE; ++ PUT2INC(code, 0, oc->number); ++ } + } + setverb = *code++ = + (cb->assert_depth > 0)? 
OP_ASSERT_ACCEPT : OP_ACCEPT; +diff --git a/testdata/testinput8 b/testdata/testinput8 +index ca3b1b9..7e2a1f0 100644 +--- a/testdata/testinput8 ++++ b/testdata/testinput8 +@@ -182,4 +182,6 @@ + + /((?1)(?2)(?3)(?4)(?5)(?6)(?7)(?8)(?9)(?9)(?8)(?7)(?6)(?5)(?4)(?3)(?2)(?1)(?0)){2,}()()()()()()()()()/debug + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++ + # End of testinput8 +diff --git a/testdata/testoutput8-16-2 b/testdata/testoutput8-16-2 +index 05669bb..a5e8dec 100644 +--- a/testdata/testoutput8-16-2 ++++ b/testdata/testoutput8-16-2 +@@ -1027,4 +1027,7 @@ Capturing subpattern count = 10 + May match empty string + Subject length lower bound = 0 + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: error 186 at offset 490: regular expression is too complicated ++ + # End of testinput8 +diff --git a/testdata/testoutput8-16-3 b/testdata/testoutput8-16-3 +index 31884e1..36133b3 100644 +--- a/testdata/testoutput8-16-3 ++++ b/testdata/testoutput8-16-3 +@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10 + May match empty string + Subject length 
lower bound = 0 + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: error 114 at offset 509: missing closing parenthesis ++ + # End of testinput8 +diff --git a/testdata/testoutput8-32-2 b/testdata/testoutput8-32-2 +index babd0c7..99c4fad 100644 +--- a/testdata/testoutput8-32-2 ++++ b/testdata/testoutput8-32-2 +@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10 + May match empty string + Subject length lower bound = 0 + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: error 114 at offset 509: missing closing parenthesis ++ + # End of testinput8 +diff --git a/testdata/testoutput8-32-3 b/testdata/testoutput8-32-3 +index babd0c7..99c4fad 100644 +--- a/testdata/testoutput8-32-3 ++++ b/testdata/testoutput8-32-3 +@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10 + May match empty string + Subject length lower bound = 0 + 
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: error 114 at offset 509: missing closing parenthesis ++ + # End of testinput8 +diff --git a/testdata/testoutput8-32-4 b/testdata/testoutput8-32-4 +index babd0c7..99c4fad 100644 +--- a/testdata/testoutput8-32-4 ++++ b/testdata/testoutput8-32-4 +@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10 + May match empty string + Subject length lower bound = 0 + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: error 114 at offset 509: missing closing parenthesis ++ + # End of testinput8 +diff --git a/testdata/testoutput8-8-2 b/testdata/testoutput8-8-2 +index 6a9aa0a..6dc1f42 100644 +--- a/testdata/testoutput8-8-2 ++++ b/testdata/testoutput8-8-2 +@@ -1026,4 +1026,7 @@ Capturing subpattern count = 10 + May match empty string + Subject length lower bound = 0 + 
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: error 114 at offset 509: missing closing parenthesis ++ + # End of testinput8 +diff --git a/testdata/testoutput8-8-3 b/testdata/testoutput8-8-3 +index 2fe1168..ae14946 100644 +--- a/testdata/testoutput8-8-3 ++++ b/testdata/testoutput8-8-3 +@@ -1024,4 +1024,7 @@ Capturing subpattern count = 10 + May match empty string + Subject length lower bound = 0 + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: error 114 at offset 509: missing closing parenthesis ++ + # End of testinput8 +diff --git a/testdata/testoutput8-8-4 b/testdata/testoutput8-8-4 +index 91993b2..6c79956 100644 +--- a/testdata/testoutput8-8-4 ++++ b/testdata/testoutput8-8-4 +@@ -1022,4 +1022,7 @@ Capturing subpattern count = 10 + May match empty string + Subject length lower bound = 0 + 
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: error 114 at offset 509: missing closing parenthesis ++ + # End of testinput8 +-- +2.5.0 + diff --git a/pcre2.spec b/pcre2.spec index 36631c0..82b63a0 100644 --- a/pcre2.spec +++ b/pcre2.spec @@ -25,6 +25,9 @@ Patch1: pcre2-10.21-Detect-unmatched-closing-parentheses-in-the-pre-scan.pat # Fix pcre2test for expressions with a callout inside a look-behind assertion, # upstream bug #1783, fixed in upstream after 10.21 Patch2: pcre2-10.21-Fix-pcre2test-loop-when-a-callout-is-in-an-initial-l.patch +# Fix workspace overflow for (*ACCEPT) with deeply nested parentheses, +# upstream bug #1791, fixed in upstream after 10.21 +Patch3: pcre2-10.21-Fix-workspace-overflow-for-deep-nested-parentheses-w.patch # New libtool to get rid of RPATH and to use distribution autotools BuildRequires: autoconf @@ -87,6 +90,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 # Because of multilib patch libtoolize --copy --force autoreconf -vif @@ -170,6 +174,8 @@ make %{?_smp_mflags} check VERBOSE=yes - Report unmatched closing parantheses properly - Fix pcre2test for expressions with a callout inside a look-behind assertion (upstream bug #1783) +- Fix workspace overflow for (*ACCEPT) with deeply nested parentheses + (upstream bug #1791) * Thu Feb 04 2016 Fedora Release Engineering - 10.21-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
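Review bot: In the src/pcre2_compile.c hunk carried by the added patch file, the pre-scan branch adds `CU2BYTES(1) + IMM2_SIZE` to `*lengthptr`, which sums a byte count with a code-unit count. The compile-pass branch emits exactly one code unit for `OP_CLOSE` plus `IMM2_SIZE` units for the capture number, so if `*lengthptr` is kept in code units (as the `IMM2_SIZE` term suggests) the matching increment is `*lengthptr += 1 + IMM2_SIZE;`. As written the sum can only over-reserve in the 16-bit and 32-bit builds, which is memory-safe, but the mixed units should either be corrected or explained with a comment such as `/* deliberate overestimate: one opcode unit plus the 2-byte capture number */`. The enclosing `for (;; ptr++)` body starts and ends outside the hunk, so whether the accumulated length is later checked against the compile-size limit cannot be confirmed from here.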