packages/pcre2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix a possible integer overflow in DFA matching (#305)

Browse Source 
(cherry picked from commit 2a38eb8cf0ea512b022a3223debb76724d3a22d2)
This commit is contained in:
xujing 2023-12-14 11:31:15 +08:00 committed by openeuler-sync-bot
parent 8c7853d95d
commit 76141f2f97
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
backport-fix-a-possible-integer-overflow-in-DFA-matching-305.patch Normal file
View File

@ -0,0 +1,24 @@
From d231944236c6516de2831cbdde3069dab180ae81 Mon Sep 17 00:00:00 2001
From: pkuzco <b.naamneh@gmail.com>
Date: Mon, 9 Oct 2023 17:46:42 +0200
Subject: [PATCH] fix a possible integer overflow in DFA matching (#305)
---
src/pcre2_dfa_match.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pcre2_dfa_match.c b/src/pcre2_dfa_match.c
index 518ac07..13b1ae4 100644
--- a/src/pcre2_dfa_match.c
+++ b/src/pcre2_dfa_match.c
@@ -428,7 +428,7 @@ overflow. */
else
{
- uint32_t newsize = (rws->size >= UINT32_MAX/2)? UINT32_MAX/2 : rws->size * 2;
+ uint32_t newsize = (rws->size >= UINT32_MAX/(sizeof(int)*2))? UINT32_MAX/sizeof(int) : rws->size * 2;
uint32_t newsizeK = newsize/(1024/sizeof(int));
if (newsizeK + mb->heap_used > mb->heap_limit)
--
2.33.0

6
pcre2.spec
View File

@ -1,6 +1,6 @@
Name: pcre2 Name: pcre2
Version: 10.35 Version: 10.35
Release: 5 Release: 6
Summary: Perl Compatible Regular Expressions Summary: Perl Compatible Regular Expressions
License: BSD License: BSD
URL: http://www.pcre.org/ URL: http://www.pcre.org/
@ -36,6 +36,7 @@ Patch6019: backport-Fixed-an-issue-in-the-backtracking-optimization-of-c.pat
Patch6020: backport-jit-fail-early-in-ffcps_-if-subject-shorter-than-off.patch Patch6020: backport-jit-fail-early-in-ffcps_-if-subject-shorter-than-off.patch
Patch6021: backport-jit-fix-pcre2_jit_free_unused_memory-if-sljit-not-us.patch Patch6021: backport-jit-fix-pcre2_jit_free_unused_memory-if-sljit-not-us.patch
Patch6022: backport-fix-CVE-2022-41409.patch Patch6022: backport-fix-CVE-2022-41409.patch
Patch6023: backport-fix-a-possible-integer-overflow-in-DFA-matching-305.patch
BuildRequires: autoconf libtool automake coreutils gcc make readline-devel BuildRequires: autoconf libtool automake coreutils gcc make readline-devel
Obsoletes: pcre2-utf16 pcre2-utf32 pcre2-tools Obsoletes: pcre2-utf16 pcre2-utf32 pcre2-tools
@ -152,6 +153,9 @@ make check
%{_pkgdocdir}/html/ %{_pkgdocdir}/html/
%changelog %changelog
* Thu Dec 14 2023 xujing <xujing125@huawei.com> - 10.35-6
- DESC:fix a possible integer overflow in DFA matching (#305)
* Mon Jul 31 2023 yangmingtai <yangmingtai@huawei.com> - 10.35-5 * Mon Jul 31 2023 yangmingtai <yangmingtai@huawei.com> - 10.35-5
- DESC:fix CVE-2022-41409 - DESC:fix CVE-2022-41409