1 From: Philip Hazel <ph10>
2 Date: Mon, 21 Apr 2014 16:11:50 +0000
3 Subject: Fix silly quantifier size check
5 The tests for quantifiers being too big (greater than 65535) were being
6 applied after reading the number, and stupidly assuming that integer
7 overflow would give a negative number. The tests are now applied as the
10 Bug: http://bugs.exim.org/show_bug.cgi?id=1463
11 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751828
12 Origin: upstream, part of http://vcs.pcre.org/viewvc?view=revision&sortby=date&revision=1472
13 Applied-upstream: 8.36
15 pcre_compile.c | 35 ++++++++++++++++-------------------
16 testdata/testoutput2 | 6 +++---
17 2 files changed, 19 insertions(+), 22 deletions(-)
19 diff --git a/pcre_compile.c b/pcre_compile.c
20 index 8a5b723..ae0027b 100644
23 @@ -1583,30 +1583,30 @@ read_repeat_counts(const pcre_uchar *p, int *minp, int *maxp, int *errorcodeptr)
27 -/* Read the minimum value and do a paranoid check: a negative value indicates
28 -an integer overflow. */
30 -while (IS_DIGIT(*p)) min = min * 10 + (int)(*p++ - CHAR_0);
31 -if (min < 0 || min > 65535)
34 - *errorcodeptr = ERR5;
38 -/* Read the maximum value if there is one, and again do a paranoid on its size.
39 -Also, max must not be less than min. */
40 + min = min * 10 + (int)(*p++ - CHAR_0);
43 + *errorcodeptr = ERR5;
48 if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
50 if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
53 - while(IS_DIGIT(*p)) max = max * 10 + (int)(*p++ - CHAR_0);
54 - if (max < 0 || max > 65535)
57 - *errorcodeptr = ERR5;
60 + max = max * 10 + (int)(*p++ - CHAR_0);
63 + *errorcodeptr = ERR5;
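Review bot: The two comments removed from read_repeat_counts here ("Read the minimum value and do a paranoid check…" and the one above the max loop) have no visible replacement on the new side, so nothing documents why the limit is now tested per digit. Above `min = min * 10 + (int)(*p++ - CHAR_0);` I would add `/* Test the limit after each digit: the running value never exceeds 65535 before the next multiply, so min * 10 + 9 cannot overflow int. */`, and the same above the `max` accumulation. The comparison guarding `*errorcodeptr = ERR5;` is not shown in this view, so this assumes it sits inside each digit loop as the commit message describes; signed overflow is undefined in C, which is why the old post-loop `< 0` test could not be relied on. If the limit is still written as the literal 65535 in both loops, one named constant shared by both would keep them from drifting apart. The function starts before this hunk and continues into the next one, so the final stores to `*minp`/`*maxp` are outside what is reviewed here.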
70 @@ -1615,9 +1615,6 @@ if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
74 -/* Fill in the required variables, and pass back the pointer to the terminating
80 diff --git a/testdata/testoutput2 b/testdata/testoutput2
81 index b6da7df..cfb446e 100644
82 --- a/testdata/testoutput2
83 +++ b/testdata/testoutput2
84 @@ -5821,13 +5821,13 @@ No match
87 /a{11111111111111111111}/I
88 -Failed: number too big in {} quantifier at offset 22
89 +Failed: number too big in {} quantifier at offset 8
92 -Failed: number too big in {} quantifier at offset 14
93 +Failed: number too big in {} quantifier at offset 9
96 -Failed: number too big in {} quantifier at offset 15
97 +Failed: number too big in {} quantifier at offset 11
99 "(?i:a)(?i:b)(?i:c)(?i:d)(?i:e)(?i:f)(?i:g)(?i:h)(?i:i)(?i:j)(k)(?i:l)A\1B"I
100 Capturing subpattern count = 1