parent
f4c640d2c0
commit
537629778f
@ -0,0 +1,33 @@
|
||||
From f2411acb3711a44497539d17b245bd366d9c26d7 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= <carenas@gmail.com>
|
||||
Date: Mon, 12 Dec 2022 08:32:42 -0800
|
||||
Subject: [PATCH] jit: fail early in ffcps_* if subject shorter than offs1
|
||||
(#175)
|
||||
|
||||
FF_FUN would try loading a vector from an invalid address
|
||||
triggering a crash.
|
||||
|
||||
Add the same check that is done in the x86/s390x implementations
|
||||
and that was missing from the original code.
|
||||
|
||||
Fixes: #86
|
||||
---
|
||||
src/pcre2_jit_neon_inc.h | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/pcre2_jit_neon_inc.h b/src/pcre2_jit_neon_inc.h
|
||||
index e74adf12..165602ed 100644
|
||||
--- a/src/pcre2_jit_neon_inc.h
|
||||
+++ b/src/pcre2_jit_neon_inc.h
|
||||
@@ -183,6 +183,8 @@ restart:;
|
||||
#endif
|
||||
|
||||
#if defined(FFCPS)
|
||||
+if (str_ptr >= str_end)
|
||||
+ return NULL;
|
||||
sljit_u8 *p1 = str_ptr - diff;
|
||||
#endif
|
||||
sljit_s32 align_offset = ((uint64_t)str_ptr & 0xf);
|
||||
--
|
||||
2.45.1
|
||||
|