From d496ce48940411976617b66a5c941c78313cb78c Mon Sep 17 00:00:00 2001 From: Michael Santos Date: Thu, 18 Mar 2010 20:08:10 -0400 Subject: [PATCH 8/9] Fix check for compile workspace overflow Patch from: http://vcs.pcre.org/viewvc/code/trunk/pcre_compile.c?r1=504&r2=505&view=patch Test case: N = 819, re:compile([lists:duplicate(N, $(), lists:duplicate(N, $))]). Compiling large regular expressions could overflow the workspace buffer. Modify the test to check for a value smaller than the buffer size. --- erts/emulator/pcre/pcre_compile.c | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-) diff --git a/erts/emulator/pcre/pcre_compile.c b/erts/emulator/pcre/pcre_compile.c index 2974336..9508c5a 100644 --- a/erts/emulator/pcre/pcre_compile.c +++ b/erts/emulator/pcre/pcre_compile.c @@ -92,6 +92,11 @@ is 4 there is plenty of room. */ #define COMPILE_WORK_SIZE (4096) +/* The overrun tests check for a slightly smaller size so that they detect the +overrun before it actually does run off the end of the data block. */ + +#define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100) + /* Table for handling escaped characters in the range '0'-'z'. Positive returns are simple data values; negative values are for special things like \d and so @@ -2445,7 +2450,7 @@ for (;; ptr++) #ifdef DEBUG if (code > cd->hwm) cd->hwm = code; /* High water info */ #endif - if (code > cd->start_workspace + COMPILE_WORK_SIZE) /* Check for overrun */ + if (code > cd->start_workspace + WORK_SIZE_CHECK) /* Check for overrun */ { *errorcodeptr = ERR52; goto FAILED; @@ -2494,7 +2499,7 @@ for (;; ptr++) /* In the real compile phase, just check the workspace used by the forward reference list. */ - else if (cd->hwm > cd->start_workspace + COMPILE_WORK_SIZE) + else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK) { *errorcodeptr = ERR52; goto FAILED; -- 1.6.6.1