diff options
Diffstat (limited to '15c4228aa2ffa02140a99912dd3177df0b1841c6.patch')
-rw-r--r-- | 15c4228aa2ffa02140a99912dd3177df0b1841c6.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch b/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch new file mode 100644 index 0000000..88dd8e8 --- /dev/null +++ b/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch @@ -0,0 +1,37 @@ +From 15c4228aa2ffa02140a99912dd3177df0b1841c6 Mon Sep 17 00:00:00 2001 +From: "K.Kosako" <kkosako0@gmail.com> +Date: Fri, 4 Oct 2019 19:54:40 +0900 +Subject: [PATCH] fix #156: Heap buffer overflow in match_at() with + case-insensitive match + +--- + src/regcomp.c | 2 +- + src/regexec.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/regcomp.c b/src/regcomp.c +index cd379a2..52f6f01 100644 +--- a/src/regcomp.c ++++ b/src/regcomp.c +@@ -734,8 +734,8 @@ add_compile_string(UChar* s, int mb_len, int str_len, + COP(reg)->exact_n.s = p; + } + else { ++ xmemset(COP(reg)->exact.s, 0, sizeof(COP(reg)->exact.s)); + xmemcpy(COP(reg)->exact.s, s, (size_t )byte_len); +- COP(reg)->exact.s[byte_len] = '\0'; + } + + return 0; +diff --git a/src/regexec.c b/src/regexec.c +index e471491..4bcd8a9 100644 +--- a/src/regexec.c ++++ b/src/regexec.c +@@ -2889,6 +2889,7 @@ match_at(regex_t* reg, const UChar* str, const UChar* end, + DATA_ENSURE(0); + q = lowbuf; + while (len-- > 0) { ++ if (ps >= endp) goto fail; + if (*ps != *q) goto fail; + ps++; q++; + } |