aboutsummaryrefslogblamecommitdiffstats
path: root/main/pcre/CVE-2020-14155.patch
blob: 3bfa119f3b580ad974d908c08ea4bafdc4f2a406 (plain) (tree)






























                                                                                 
pcre: Fix int overflow when parsing "?C<arg>" callout args.

Numerical args must be 0-255, so this shouldn't break correct usage.

--- a/pcre_compile.c	2020/02/10 17:01:27	1760
+++ b/pcre_compile.c	2020/02/10 17:17:34	1761
@@ -7130,17 +7130,19 @@
           int n = 0;
           ptr++;
           while(IS_DIGIT(*ptr))
+            { 
             n = n * 10 + *ptr++ - CHAR_0;
+            if (n > 255)
+              {
+              *errorcodeptr = ERR38;
+              goto FAILED;
+              }
+            } 
           if (*ptr != CHAR_RIGHT_PARENTHESIS)
             {
             *errorcodeptr = ERR39;
             goto FAILED;
             }
-          if (n > 255)
-            {
-            *errorcodeptr = ERR38;
-            goto FAILED;
-            }
           *code++ = n;
           PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
           PUT(code, LINK_SIZE, 0);                          /* Default length */