author | Philip Hazel <Philip.Hazel@gmail.com> | 2022-12-12 15:39:07 +0000 |
---|---|---|
committer | Philip Hazel <Philip.Hazel@gmail.com> | 2022-12-12 15:39:07 +0000 |
commit | fb23bb17dd4b5e48a763c7f84ea094d456b4ee6f (patch) | |
tree | 1843da84107415b6cca6548540140525118e1101 | |
parent | d5986092ff3fe2e951f9841306ac066cc8a340df (diff) | |
download | pcre-fb23bb17dd4b5e48a763c7f84ea094d456b4ee6f.tar.gz |
Apply limit of 65535 to the number of capturing pairs in a match data block (GitHub #176)
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | doc/pcre2api.3 | 4 | ||||
-rw-r--r-- | src/pcre2_match_data.c | 4 | ||||
-rw-r--r-- | testdata/testinput2 | 5 | ||||
-rw-r--r-- | testdata/testoutput2 | 6 |
5 files changed, 21 insertions, 2 deletions
@@ -18,6 +18,10 @@ the allowed maximum, the error message displayed the hard limit incorrectly. This was pointed out on GitHub pull request #171, but the suggested patch didn't cope with all cases. Some further modification was required. +4. Supplying an ovector count of more than 65535 to pcre2_match_data_create() +caused a crash because the field in the match data block is only 16 bits. A +maximum of 65535 is now silently applied. + Version 10.41 06-December-2022 ------------------------------ diff --git a/doc/pcre2api.3 b/doc/pcre2api.3 index 75fca76d..28c6033a 100644 --- a/doc/pcre2api.3 +++ b/doc/pcre2api.3 @@ -2519,7 +2519,9 @@ large enough to hold as many as are expected. A minimum of at least 1 pair is imposed by \fBpcre2_match_data_create()\fP, so it is always possible to return the overall matched string in the case of \fBpcre2_match()\fP or the longest match in the case of -\fBpcre2_dfa_match()\fP. +\fBpcre2_dfa_match()\fP. The maximum number of pairs is 65535; if the the first +argument of \fBpcre2_match_data_create()\fP is greater than this, 65535 is +used. .P The second argument of \fBpcre2_match_data_create()\fP is a pointer to a general context, which can specify custom memory management for obtaining the diff --git a/src/pcre2_match_data.c b/src/pcre2_match_data.c index b34b999b..edb0fc65 100644 --- a/src/pcre2_match_data.c +++ b/src/pcre2_match_data.c 
@@ -51,13 +51,15 @@ POSSIBILITY OF SUCH DAMAGE. * Create a match data block given ovector size * *************************************************/ -/* A minimum of 1 is imposed on the number of ovector pairs. */ +/* A minimum of 1 is imposed on the number of ovector pairs. A maximum is also +imposed because the oveccount field in a match data block is uintt6_t. */ PCRE2_EXP_DEFN pcre2_match_data * PCRE2_CALL_CONVENTION pcre2_match_data_create(uint32_t oveccount, pcre2_general_context *gcontext) { pcre2_match_data *yield; if (oveccount < 1) oveccount = 1; +if (oveccount > UINT16_MAX) oveccount = UINT16_MAX; yield = PRIV(memctl_malloc)( offsetof(pcre2_match_data, ovector) + 2*oveccount*sizeof(PCRE2_SIZE), (pcre2_memctl *)gcontext); diff --git a/testdata/testinput2 b/testdata/testinput2 index 717ba2ae..c63921c4 100644 --- a/testdata/testinput2 +++ b/testdata/testinput2 @@ -5934,5 +5934,10 @@ a)"xI -- \[X]{-10} + +# Check imposition of maximum by match_data_create(). + +/abcd/ + abcd\=ovector=65536 # End of testinput2 diff --git a/testdata/testoutput2 b/testdata/testoutput2 index d2188d3c..7069b653 100644 --- a/testdata/testoutput2 +++ b/testdata/testoutput2 @@ -17749,6 +17749,12 @@ Subject length lower bound = 2 -- \[X]{-10} ** Zero or negative repeat not allowed + +# Check imposition of maximum by match_data_create(). + +/abcd/ + abcd\=ovector=65536 + 0: abcd # End of testinput2 Error -70: PCRE2_ERROR_BADDATA (unknown error number) |
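Review bot: In the ChangeLog hunk, new entry 4 does not cite the GitHub issue, although the commit subject names GitHub #176 and the preceding entry cites pull request #171. Adding the issue reference to the entry would keep the ChangeLog traceable to the report. The wording "silently applied" is accurate to the code change, so it is worth keeping that word.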
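Review bot: In the doc/pcre2api.3 hunk, the added sentence contains a doubled word, "if the the first argument", which should read "if the first argument". Because the code applies the limit without reporting it, the man page could also say explicitly that no error is returned when the requested count is reduced to 65535, so callers who ask for more pairs know to check the size they actually got.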
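Review bot: In the src/pcre2_match_data.c hunk, the rewritten comment above pcre2_match_data_create() gives the field type as "uintt6_t", which should be "uint16_t". The new check "if (oveccount > UINT16_MAX) oveccount = UINT16_MAX;" sits before the size expression passed to PRIV(memctl_malloc), so the allocation is computed from the clamped value, which is the right order. The comment could add that the maximum is applied silently, matching the ChangeLog and man page text.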
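Review bot: In the testdata/testinput2 and testdata/testoutput2 hunks, the new case only exercises "abcd\=ovector=65536", and the expected output "0: abcd" shows that the match no longer crashes, not that the count was limited to 65535. Consider adding a case at exactly 65535 so the boundary on both sides of the limit is covered, and a case well above 65536 so the test does not depend on the one value that wraps to zero in a 16-bit field.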