74 lines
2.0 KiB
Diff
74 lines
2.0 KiB
Diff
From 3f4e0af094ac3d6facb7b8e581ba4bdf47d7d45d Mon Sep 17 00:00:00 2001
|
|
From: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
|
|
Date: Fri, 9 Dec 2016 18:19:38 +0000
|
|
Subject: [PATCH] Fix OOB error in substitute with start offset longer than
|
|
length.
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Petr Pisar: Port to 10.22:
|
|
|
|
commit a27071aeed86de6febe845edb6c7376faa2176ba
|
|
Author: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
|
|
Date: Fri Dec 9 18:19:38 2016 +0000
|
|
|
|
Fix OOB error in substitute with start offset longer than length.
|
|
|
|
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@616 6239d852-aaf2-0410-a92c-79f79f948069
|
|
|
|
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
---
|
|
src/pcre2_substitute.c | 6 ++++++
|
|
testdata/testinput2 | 3 +++
|
|
testdata/testoutput2 | 4 ++++
|
|
3 files changed, 13 insertions(+)
|
|
|
|
diff --git a/src/pcre2_substitute.c b/src/pcre2_substitute.c
|
|
index 0bf781e..2467d16 100644
|
|
--- a/src/pcre2_substitute.c
|
|
+++ b/src/pcre2_substitute.c
|
|
@@ -287,6 +287,12 @@ options &= ~SUBSTITUTE_OPTIONS;
|
|
|
|
/* Copy up to the start offset */
|
|
|
|
+if (start_offset > length)
|
|
+ {
|
|
+ match_data->leftchar = 0;
|
|
+ rc = PCRE2_ERROR_BADOFFSET;
|
|
+ goto EXIT;
|
|
+ }
|
|
CHECKMEMCPY(subject, start_offset);
|
|
|
|
/* Loop for global substituting. */
|
|
diff --git a/testdata/testinput2 b/testdata/testinput2
|
|
index a7c1ab3..e2865b2 100644
|
|
--- a/testdata/testinput2
|
|
+++ b/testdata/testinput2
|
|
@@ -4831,4 +4831,7 @@ a)"xI
|
|
/(\x0e00\000000\xc)/replace=\P,substitute_extended
|
|
\x0e00\000000\xc
|
|
|
|
+//replace=0
|
|
+\=offset=7
|
|
+
|
|
# End of testinput2
|
|
diff --git a/testdata/testoutput2 b/testdata/testoutput2
|
|
index 9c478bb..29de949 100644
|
|
--- a/testdata/testoutput2
|
|
+++ b/testdata/testoutput2
|
|
@@ -15235,6 +15235,10 @@ No match
|
|
\x0e00\000000\xc
|
|
Failed: error -57 at offset 2 in replacement: bad escape sequence in replacement string
|
|
|
|
+//replace=0
|
|
+\=offset=7
|
|
+Failed: error -33: bad offset value
|
|
+
|
|
# End of testinput2
|
|
Error -63: PCRE2_ERROR_BADDATA (unknown error number)
|
|
Error -62: bad serialized data
|
|
--
|
|
2.7.4
|
|
|