From 4c90a8bb06e8bed4b62e15b78b461edb0e606df5 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov@gmail.com>
Date: Mon, 19 Apr 2010 13:45:41 +0400
Subject: [PATCH 7/7] Fix check for compile workspace overflow
Patch from:
http://vcs.pcre.org/viewvc/code/trunk/pcre_compile.c?r1=504&r2=505&view=patch
Test case:
N = 819, re:compile([lists:duplicate(N, $(), lists:duplicate(N, $))]).
Compiling large regular expressions could overflow the workspace
buffer. Modify the test to check for a value smaller than the buffer
size.
---
erts/emulator/pcre/pcre_compile.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/erts/emulator/pcre/pcre_compile.c b/erts/emulator/pcre/pcre_compile.c
index 5d2be9a..08ce2b0 100644
--- a/erts/emulator/pcre/pcre_compile.c
+++ b/erts/emulator/pcre/pcre_compile.c
@@ -91,6 +91,11 @@ is 4 there is plenty of room. */
#define COMPILE_WORK_SIZE (4096)
+/* The overrun tests check for a slightly smaller size so that they detect the
+overrun before it actually does run off the end of the data block. */
+
+#define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
+
/* Table for handling escaped characters in the range '0'-'z'. Positive returns
are simple data values; negative values are for special things like \d and so
@@ -2444,7 +2449,7 @@ for (;; ptr++)
#ifdef DEBUG
if (code > cd->hwm) cd->hwm = code; /* High water info */
#endif
- if (code > cd->start_workspace + COMPILE_WORK_SIZE) /* Check for overrun */
+ if (code > cd->start_workspace + WORK_SIZE_CHECK) /* Check for overrun */
{
*errorcodeptr = ERR52;
goto FAILED;
@@ -2493,7 +2498,7 @@ for (;; ptr++)
/* In the real compile phase, just check the workspace used by the forward
reference list. */
- else if (cd->hwm > cd->start_workspace + COMPILE_WORK_SIZE)
+ else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK)
{
*errorcodeptr = ERR52;
goto FAILED;
--
1.6.6.1