devel/pcre2/files/patch-CVE-2016-3191


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

--- src/pcre2_compile.c	2016/02/06 16:40:59	488
+++ src/pcre2_compile.c	2016/02/10 18:24:02	489
@@ -5901,10 +5901,22 @@
               goto FAILED;
               }
             cb->had_accept = TRUE;
+            
+            /* In the first pass, just accumulate the length required;
+            otherwise hitting (*ACCEPT) inside many nested parentheses can
+            cause workspace overflow. */
+              
             for (oc = cb->open_caps; oc != NULL; oc = oc->next)
               {
-              *code++ = OP_CLOSE;
-              PUT2INC(code, 0, oc->number);
+              if (lengthptr != NULL)
+                {
+                *lengthptr += CU2BYTES(1) + IMM2_SIZE; 
+                }
+              else
+                {       
+                *code++ = OP_CLOSE;
+                PUT2INC(code, 0, oc->number);
+                } 
               }
             setverb = *code++ =
               (cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;