You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
45 lines
1.5 KiB
45 lines
1.5 KiB
From f0bb9e8baf3157e0a84f484f194984295b2db23a Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
Date: Mon, 19 Oct 2020 16:15:14 +0200
|
|
Subject: [PATCH] Inicialize name table memory region
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Name table entry values are accessed past their ends in add_name()
|
|
when comparing the values. Also a size of the entries could grow
|
|
later. It's safer to initialize just after the allocation than to hunt
|
|
the gaps later.
|
|
|
|
Reproducer:
|
|
|
|
pcre_compile2("(?<f>)(?<fir>)", PCRE_NO_AUTO_CAPTURE | PCRE_CASELESS, &ec, &eb, &eo, NULL);
|
|
|
|
built with clang++ -fsanitize=memory -fsanitize=fuzzer-no-link.
|
|
|
|
https://bugs.exim.org/show_bug.cgi?id=2661
|
|
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
---
|
|
pcre_compile.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/pcre_compile.c b/pcre_compile.c
|
|
index 3be0fbf..75309e0 100644
|
|
--- a/pcre_compile.c
|
|
+++ b/pcre_compile.c
|
|
@@ -9423,6 +9423,11 @@ if (re == NULL)
|
|
goto PCRE_EARLY_ERROR_RETURN;
|
|
}
|
|
|
|
+/* Initialize the memory. Name table entry values are accessed past their ends
|
|
+ * (e.g. in add_name()) when comparing the values. Also a size of the entry can
|
|
+ * grow later. It's safer to initialize here than to hunt the gaps later. */
|
|
+memset(re, 0, size);
|
|
+
|
|
/* Put in the magic number, and save the sizes, initial options, internal
|
|
flags, and character table pointer. NULL is used for the default character
|
|
tables. The nullpad field is at the end; it's there to help in the case when a
|
|
--
|
|
2.25.4
|
|
|