56 lines
1.3 KiB
Plaintext
56 lines
1.3 KiB
Plaintext
$OpenBSD: patch-ext_pcre_pcrelib_pcre_c,v 1.1 2005/08/31 22:12:54 robert Exp $
|
|
--- ext/pcre/pcrelib/pcre.c.orig Fri May 27 20:12:42 2005
|
|
+++ ext/pcre/pcrelib/pcre.c Mon Aug 29 00:33:37 2005
|
|
@@ -1245,14 +1245,30 @@
|
|
int min = 0;
|
|
int max = -1;
|
|
|
|
+/* Read the minimum value and do a paranoid check: a negative value indicates
|
|
+an integer overflow. */
|
|
+
|
|
while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
|
|
+if (min < 0 || min > 65535)
|
|
+ {
|
|
+ *errorptr = ERR5;
|
|
+ return p;
|
|
+ }
|
|
|
|
+/* Read the maximum value if there is one, and again do a paranoid on its size.
|
|
+Also, max must not be less than min. */
|
|
+
|
|
if (*p == '}') max = min; else
|
|
{
|
|
if (*(++p) != '}')
|
|
{
|
|
max = 0;
|
|
while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
|
|
+ if (max < 0 || max > 65535)
|
|
+ {
|
|
+ *errorptr = ERR5;
|
|
+ return p;
|
|
+ }
|
|
if (max < min)
|
|
{
|
|
*errorptr = ERR4;
|
|
@@ -1261,16 +1277,11 @@
|
|
}
|
|
}
|
|
|
|
-/* Do paranoid checks, then fill in the required variables, and pass back the
|
|
-pointer to the terminating '}'. */
|
|
+/* Fill in the required variables, and pass back the pointer to the terminating
|
|
+'}'. */
|
|
|
|
-if (min > 65535 || max > 65535)
|
|
- *errorptr = ERR5;
|
|
-else
|
|
- {
|
|
- *minp = min;
|
|
- *maxp = max;
|
|
- }
|
|
+*minp = min;
|
|
+*maxp = max;
|
|
return p;
|
|
}
|
|
|