bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
From: Paul Eggert
Subject: bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Date: Sun, 14 Nov 2021 12:54:58 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.2.1
As a result of the recent changes to get grep to use PCRE2 instead of
old PCRE, the relevant code now looks like this:
   /* STACK_GROWTH_RATE is taken from PCRE's src/pcre2_jit_compile.c.
      Going over the jitstack_max limit could trigger an int
      overflow bug. */
   int STACK_GROWTH_RATE = 8192;
   idx_t jitstack_max = MIN (IDX_MAX, SIZE_MAX - (STACK_GROWTH_RATE - 1));

   int e = pcre2_match (pc->cre, (PCRE2_SPTR) subject, search_bytes,
                        search_offset, options, pc->data, pc->mcontext);
   if (e == PCRE2_ERROR_JIT_STACKLIMIT
       && pc->jit_stack_size <= jitstack_max / 2)
     ... code that computes pc->jit_stack_size * 2 ...
This should avoid integer overflow in both grep and libpcre2, without
imposing arbitrary limits on what PCRE2 can do. If this more-generous
limit causes problems please let me know.
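The doubling rule and the jitstack_max headroom term, worked through as an added C example that is not grep's or PCRE2's code and links to neither. Assumptions: gnulib's idx_t is modelled as ptrdiff_t with PTRDIFF_MAX standing in for IDX_MAX; pcre2_match is replaced by a constructed matcher that demands a fixed amount of JIT stack; the error code is a made-up stand-in for PCRE2_ERROR_JIT_STACKLIMIT; and round_up_to_growth_rate is my model of why the limit subtracts STACK_GROWTH_RATE - 1 (the message only says that going over the limit can overflow). The second call in main shows the loop giving up cleanly instead of wrapping when no stack size is ever enough.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: gnulib's idx_t is modelled here as ptrdiff_t, with
   PTRDIFF_MAX standing in for IDX_MAX.  */
typedef ptrdiff_t idx_t;
#define IDX_MAX PTRDIFF_MAX

/* Granularity at which PCRE2's JIT grows its stack (value quoted in
   the message above).  */
#define STACK_GROWTH_RATE 8192

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Made-up stand-ins for pcre2_match results; only their identity
   matters in this example, not the numeric values.  */
enum { SIM_ERROR_JIT_STACKLIMIT = -1, SIM_MATCH = 1 };

/* Largest JIT stack size the caller will ever request: it must fit in
   idx_t, and it must leave room for rounding up to a multiple of
   STACK_GROWTH_RATE without size_t arithmetic wrapping.  */
static idx_t
jitstack_max (void)
{
  size_t m = MIN ((size_t) IDX_MAX, SIZE_MAX - (STACK_GROWTH_RATE - 1));
  return (idx_t) m;
}

/* Assumed model of a JIT stack allocator rounding a requested size up
   to the growth granularity.  Unsigned arithmetic wraps instead of
   trapping, so a request above SIZE_MAX - (STACK_GROWTH_RATE - 1)
   silently rounds to 0: that is the headroom jitstack_max keeps.  */
static size_t
round_up_to_growth_rate (size_t n)
{
  return (n + (STACK_GROWTH_RATE - 1)) & ~(size_t) (STACK_GROWTH_RATE - 1);
}

/* Doubling rule from the message: only double when cur <= max / 2, so
   cur * 2 <= max holds and the signed multiplication cannot overflow.  */
static bool
next_jit_stack_size (idx_t cur, idx_t *next)
{
  if (cur <= 0 || cur > jitstack_max () / 2)
    return false;
  *next = cur * 2;
  return true;
}

/* Constructed stand-in for pcre2_match: the pattern "needs" NEEDED
   bytes of JIT stack and reports the stack-limit error until it gets
   them.  */
static int
simulated_match (idx_t jit_stack_size, idx_t needed)
{
  return jit_stack_size >= needed ? SIM_MATCH : SIM_ERROR_JIT_STACKLIMIT;
}

/* Retry loop in the shape of the snippet above: start with INITIAL
   bytes and keep doubling while the matcher asks for more.  When the
   next doubling would exceed jitstack_max, hand the error back to the
   caller instead of overflowing.  The last size tried is reported
   through *FINAL.  */
static int
match_with_growing_stack (idx_t initial, idx_t needed, idx_t *final)
{
  idx_t size = initial;
  for (;;)
    {
      int e = simulated_match (size, needed);
      idx_t bigger;
      if (e == SIM_ERROR_JIT_STACKLIMIT && next_jit_stack_size (size, &bigger))
        {
          size = bigger;   /* a real caller re-creates the JIT stack here */
          continue;
        }
      *final = size;
      return e;
    }
}

int
main (void)
{
  idx_t final;
  int e = match_with_growing_stack (32 * 1024, 1024 * 1024, &final);
  printf ("needs 1 MiB: result %d, stack grew to %td bytes\n", e, final);

  e = match_with_growing_stack (32 * 1024, IDX_MAX, &final);
  printf ("needs IDX_MAX: result %d, stopped at %td bytes (max %td)\n",
          e, final, jitstack_max ());
  return 0;
}
```

The check `cur <= max / 2` is deliberately written on the value before the multiplication: testing `cur * 2 <= max` afterwards would already be undefined behaviour for signed idx_t once the product overflows, so the compiler is free to drop such a test.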