sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-06-05 04:46:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
ports/devel/pcre2/files/patch-CVE-2016-3191
Mark Felder 473279bc1d devel/pcre2: Add patch to resolve CVE 
PR:		208167
Obtained from:	PCRE svn (r489)
Security:	CVE-2016-3191
2016-03-21 02:34:50 +00:00

27 lines
985 B
Text
Raw Blame History

--- src/pcre2_compile.c 2016/02/06 16:40:59 488
+++ src/pcre2_compile.c 2016/02/10 18:24:02 489
@@ -5901,10 +5901,22 @@
goto FAILED;
}
cb->had_accept = TRUE;
+
+ /* In the first pass, just accumulate the length required;
+ otherwise hitting (*ACCEPT) inside many nested parentheses can
+ cause workspace overflow. */
+
for (oc = cb->open_caps; oc != NULL; oc = oc->next)
{
- *code++ = OP_CLOSE;
- PUT2INC(code, 0, oc->number);
+ if (lengthptr != NULL)
+ {
+ *lengthptr += CU2BYTES(1) + IMM2_SIZE;
+ }
+ else
+ {
+ *code++ = OP_CLOSE;
+ PUT2INC(code, 0, oc->number);
+ }
}
setverb = *code++ =
(cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
Reference in a new issue View git blame Copy permalink