1 Description: CVE-2015-3210: heap buffer overflow in pcre_compile2() / compile_regex()
2 Fix buffer overflow for named recursive back reference when
3 the name is duplicated.
4 Origin: upstream, http://vcs.pcre.org/pcre?view=revision&revision=1558
5 Bug: https://bugs.exim.org/show_bug.cgi?id=1636
6 Bug-Debian: https://bugs.debian.org/787433
8 Last-Update: 2015-09-10
9 Applied-Upstream: not-yet (8.38)
13 @@ -7082,14 +7082,26 @@ for (;; ptr++)
14 number. If the name is not found, set the value to 0 for a forward
18 ng = cd->named_groups;
19 for (i = 0; i < cd->names_found; i++, ng++)
21 if (namelen == ng->length &&
22 STRNCMP_UC_UC(name, ng->name, namelen) == 0)
27 + if (is_recurse) break;
28 + for (oc = cd->open_caps; oc != NULL; oc = oc->next)
30 + if (oc->number == recno)
38 - recno = (i < cd->names_found)? ng->number : 0;
40 /* Count named back references. */
42 --- a/testdata/testinput2
43 +++ b/testdata/testinput2
44 @@ -4068,4 +4068,6 @@ backtracking verbs. --/
48 +"(?J)(?'d'(?'d'\g{d}))"
50 /-- End of testinput2 --/
51 --- a/testdata/testoutput2
52 +++ b/testdata/testoutput2
53 @@ -14190,4 +14190,6 @@ Failed: parentheses are too deeply neste
55 ------------------------------------------------------------------
57 +"(?J)(?'d'(?'d'\g{d}))"
59 /-- End of testinput2 --/