/[pcre]/code/trunk/pcre_compile.c
ViewVC logotype

Diff of /code/trunk/pcre_compile.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 200 by ph10, Wed Aug 1 09:10:40 2007 UTC revision 202 by ph10, Fri Aug 3 09:44:26 2007 UTC
# Line 65  used by pcretest. DEBUG is not defined w Line 65  used by pcretest. DEBUG is not defined w
65    
66  #define SETBIT(a,b) a[b/8] |= (1 << (b%8))  #define SETBIT(a,b) a[b/8] |= (1 << (b%8))
67    
68    /* Maximum length value to check against when making sure that the integer that
69    holds the compiled pattern length does not overflow. We make it a bit less than
70    INT_MAX to allow for adding in group terminating bytes, so that we don't have
71    to check them every time. */
72    
73    #define OFLOW_MAX (INT_MAX - 20)
74    
75    
76  /*************************************************  /*************************************************
77  *      Code parameters and static tables         *  *      Code parameters and static tables         *
# Line 206  static const char *error_texts[] = { Line 213  static const char *error_texts[] = {
213    "missing ) after comment",    "missing ) after comment",
214    "parentheses nested too deeply",  /** DEAD **/    "parentheses nested too deeply",  /** DEAD **/
215    /* 20 */    /* 20 */
216    "regular expression too large",    "regular expression is too large",
217    "failed to get memory",    "failed to get memory",
218    "unmatched parentheses",    "unmatched parentheses",
219    "internal error: code overflow",    "internal error: code overflow",
# Line 242  static const char *error_texts[] = { Line 249  static const char *error_texts[] = {
249    "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)",    "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)",
250    "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")",    "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")",
251    /* 50 */    /* 50 */
252    "repeated subpattern is too long",    "repeated subpattern is too long",    /** DEAD **/
253    "octal value is greater than \\377 (not in UTF-8 mode)",    "octal value is greater than \\377 (not in UTF-8 mode)",
254    "internal error: overran compiling workspace",    "internal error: overran compiling workspace",
255    "internal error: previously-checked referenced subpattern not found",    "internal error: previously-checked referenced subpattern not found",
# Line 2258  for (;; ptr++) Line 2265  for (;; ptr++)
2265      */      */
2266    
2267      if (code < last_code) code = last_code;      if (code < last_code) code = last_code;
2268    
2269        /* Paranoid check for integer overflow */
2270    
2271        if (OFLOW_MAX - *lengthptr < code - last_code)
2272          {
2273          *errorcodeptr = ERR20;
2274          goto FAILED;
2275          }
2276    
2277      *lengthptr += code - last_code;      *lengthptr += code - last_code;
2278      DPRINTF(("length=%d added %d c=%c\n", *lengthptr, code - last_code, c));      DPRINTF(("length=%d added %d c=%c\n", *lengthptr, code - last_code, c));
2279    
# Line 2370  for (;; ptr++) Line 2386  for (;; ptr++)
2386      *ptrptr = ptr;      *ptrptr = ptr;
2387      if (lengthptr != NULL)      if (lengthptr != NULL)
2388        {        {
2389          if (OFLOW_MAX - *lengthptr < code - last_code)
2390            {
2391            *errorcodeptr = ERR20;
2392            goto FAILED;
2393            }
2394        *lengthptr += code - last_code;   /* To include callout length */        *lengthptr += code - last_code;   /* To include callout length */
2395        DPRINTF((">> end branch\n"));        DPRINTF((">> end branch\n"));
2396        }        }
# Line 3524  for (;; ptr++) Line 3545  for (;; ptr++)
3545          goto FAILED;          goto FAILED;
3546          }          }
3547    
       /* This is a paranoid check to stop integer overflow later on */  
   
       if (len > MAX_DUPLENGTH)  
         {  
         *errorcodeptr = ERR50;  
         goto FAILED;  
         }  
   
3548        /* If the maximum repeat count is unlimited, find the end of the bracket        /* If the maximum repeat count is unlimited, find the end of the bracket
3549        by scanning through from the start, and compute the offset back to it        by scanning through from the start, and compute the offset back to it
3550        from the current code pointer. There may be an OP_OPT setting following        from the current code pointer. There may be an OP_OPT setting following
# Line 3620  for (;; ptr++) Line 3633  for (;; ptr++)
3633          if (repeat_min > 1)          if (repeat_min > 1)
3634            {            {
3635            /* In the pre-compile phase, we don't actually do the replication. We            /* In the pre-compile phase, we don't actually do the replication. We
3636            just adjust the length as if we had. */            just adjust the length as if we had. Do some paranoid checks for
3637              potential integer overflow. */
3638    
3639            if (lengthptr != NULL)            if (lengthptr != NULL)
3640              *lengthptr += (repeat_min - 1)*length_prevgroup;              {
3641                int delta = (repeat_min - 1)*length_prevgroup;
3642                if ((double)(repeat_min - 1)*(double)length_prevgroup >
3643                                                                (double)INT_MAX ||
3644                    OFLOW_MAX - *lengthptr < delta)
3645                  {
3646                  *errorcodeptr = ERR20;
3647                  goto FAILED;
3648                  }
3649                *lengthptr += delta;
3650                }
3651    
3652            /* This is compiling for real */            /* This is compiling for real */
3653    
# Line 3661  for (;; ptr++) Line 3685  for (;; ptr++)
3685          /* In the pre-compile phase, we don't actually do the replication. We          /* In the pre-compile phase, we don't actually do the replication. We
3686          just adjust the length as if we had. For each repetition we must add 1          just adjust the length as if we had. For each repetition we must add 1
3687          to the length for BRAZERO and for all but the last repetition we must          to the length for BRAZERO and for all but the last repetition we must
3688          add 2 + 2*LINKSIZE to allow for the nesting that occurs. */          add 2 + 2*LINKSIZE to allow for the nesting that occurs. Do some
3689            paranoid checks to avoid integer overflow. */
3690    
3691          if (lengthptr != NULL && repeat_max > 0)          if (lengthptr != NULL && repeat_max > 0)
3692            *lengthptr += repeat_max * (length_prevgroup + 1 + 2 + 2*LINK_SIZE) -            {
3693              2 - 2*LINK_SIZE;  /* Last one doesn't nest */            int delta = repeat_max * (length_prevgroup + 1 + 2 + 2*LINK_SIZE) -
3694                          2 - 2*LINK_SIZE;   /* Last one doesn't nest */
3695              if ((double)repeat_max *
3696                    (double)(length_prevgroup + 1 + 2 + 2*LINK_SIZE)
3697                      > (double)INT_MAX ||
3698                  OFLOW_MAX - *lengthptr < delta)
3699                {
3700                *errorcodeptr = ERR20;
3701                goto FAILED;
3702                }
3703              *lengthptr += delta;
3704              }
3705    
3706          /* This is compiling for real */          /* This is compiling for real */
3707    
# Line 4627  for (;; ptr++) Line 4663  for (;; ptr++)
4663    
4664      if (lengthptr != NULL)      if (lengthptr != NULL)
4665        {        {
4666          if (OFLOW_MAX - *lengthptr < length_prevgroup - 2 - 2*LINK_SIZE)
4667            {
4668            *errorcodeptr = ERR20;
4669            goto FAILED;
4670            }
4671        *lengthptr += length_prevgroup - 2 - 2*LINK_SIZE;        *lengthptr += length_prevgroup - 2 - 2*LINK_SIZE;
4672        code++;        code++;
4673        PUTINC(code, 0, 1 + LINK_SIZE);        PUTINC(code, 0, 1 + LINK_SIZE);
# Line 5122  for (;;) Line 5163  for (;;)
5163      *ptrptr = ptr;      *ptrptr = ptr;
5164      *firstbyteptr = firstbyte;      *firstbyteptr = firstbyte;
5165      *reqbyteptr = reqbyte;      *reqbyteptr = reqbyte;
5166      if (lengthptr != NULL) *lengthptr += length;      if (lengthptr != NULL)
5167          {
5168          if (OFLOW_MAX - *lengthptr < length)
5169            {
5170            *errorcodeptr = ERR20;
5171            return FALSE;
5172            }
5173          *lengthptr += length;
5174          }
5175      return TRUE;      return TRUE;
5176      }      }
5177    

Legend:
Removed from v.200  
changed lines
  Added in v.202

webmaster@exim.org
ViewVC Help
Powered by ViewVC 1.1.12