From unknown Sat Jun 14 19:07:17 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Resent-From: Carlo Marcelo Arenas =?UTF-8?Q?Bel=C3=B3n?= <carenas@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-grep@gnu.org
Resent-Date: Tue, 09 Nov 2021 08:41:01 +0000
Resent-Message-ID: <handler.51710.B.163644721616057@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 51710
X-GNU-PR-Package: grep
X-GNU-PR-Keywords: patch
To: 51710@debbugs.gnu.org
Cc: Carlo Marcelo Arenas =?UTF-8?Q?Bel=C3=B3n?= <carenas@gmail.com>
X-Debbugs-Original-To: bug-grep@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.163644721616057
          (code B ref -1); Tue, 09 Nov 2021 08:41:01 +0000
Received: (at submit) by debbugs.gnu.org; 9 Nov 2021 08:40:16 +0000
Received: from localhost ([127.0.0.1]:60746 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mkMfw-0004Av-95
	for submit@debbugs.gnu.org; Tue, 09 Nov 2021 03:40:16 -0500
Received: from lists.gnu.org ([209.51.188.17]:35450)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <carenas@gmail.com>) id 1mkMft-0004Ak-Ez
 for submit@debbugs.gnu.org; Tue, 09 Nov 2021 03:40:15 -0500
Received: from eggs.gnu.org ([209.51.188.92]:57772)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <carenas@gmail.com>) id 1mkMfs-0000Wg-So
 for bug-grep@gnu.org; Tue, 09 Nov 2021 03:40:13 -0500
Received: from [2607:f8b0:4864:20::233] (port=39589
 helo=mail-oi1-x233.google.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <carenas@gmail.com>) id 1mkMfn-0002z3-6g
 for bug-grep@gnu.org; Tue, 09 Nov 2021 03:40:12 -0500
Received: by mail-oi1-x233.google.com with SMTP id bf8so14508114oib.6
 for <bug-grep@gnu.org>; Tue, 09 Nov 2021 00:40:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=f0Hx2HbHmusySvmOSZvdZ9hqCG2goRIinkjwOhJUaOo=;
 b=iIrExdCxsgEOj4G3LwRPuHRrLiQ5FDQpSBJ4ds4Q2zoGb2dPpKZd5hbSOZREJkTP1X
 vClYrapRAORPRkcLsjzmfPNc6BPyz5MFg5po2Iaul7qm8KxeLiCursCLvU/8WOe6HGHe
 YRdVYpotlpT+HT5JhDa1OKZfrsrYxiw+BrEUtIRojwglIEELZyJ/xwHPVgh6mcLl5xRO
 +mV8XiSiXLObfSn0uGcjMe3NXr6KSH45/v8mSzsDaj5wzkEe5Dp70V1TF8uZat90F/HS
 6zphiWdCK+jAi+kHU59WtvZl8Cm7X750iV2l84l3nU6+5Nboyji8nmB5HglWiRL2qKgg
 2KDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=f0Hx2HbHmusySvmOSZvdZ9hqCG2goRIinkjwOhJUaOo=;
 b=0bIViCgQeZSb+LbIOgBhenuZVXuFRk1fHmmWrSw+2QST/j8hOWscIgZ4L7OzD4DGwu
 6g5Mo0lRud2z69KGLIKbb4vNz/4BdgBxOSGxIG+uH1D6AEzqSdGyJYTyvmz6XGD/413u
 4hub9XrztTHNDEmr5PN9EbHf1IMZnhY4Qb9R0MT9+lQIBtuvJY3J9bpryoYHxwQC4O/B
 U66UkQmqekend9rXzzxVvWk0JqXH87f+NAycKAKQ4yeV2Xqk7BgGv9Si8THlP+QBNrhH
 y7VITYYgKOfyFuoRkMxCFnfKT91FzS7yx3xvsAPOswMrCgk/blWSk148+4fzniZDOtBs
 gWHA==
X-Gm-Message-State: AOAM532FFmA9FwLbud1Mp2AR59dPvWu03dSOWpazQRfNIpslaFqExsU7
 Tmo2OoiU38q6A2EF39oix4XUTx61Z7Y=
X-Google-Smtp-Source: ABdhPJxpT6PO2z96rZ18cl3vuiaUKDEJR4oLthQx8sFag0jwacAa8jX1yg510Xm6vCR/A222aMhemg==
X-Received: by 2002:a05:6808:ec3:: with SMTP id
 q3mr4087108oiv.57.1636446843948; 
 Tue, 09 Nov 2021 00:34:03 -0800 (PST)
Received: from localhost.localdomain
 (104-1-92-200.lightspeed.sntcca.sbcglobal.net. [104.1.92.200])
 by smtp.gmail.com with ESMTPSA id a6sm2719539oic.39.2021.11.09.00.34.03
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 09 Nov 2021 00:34:03 -0800 (PST)
From: Carlo Marcelo Arenas =?UTF-8?Q?Bel=C3=B3n?= <carenas@gmail.com>
Date: Tue,  9 Nov 2021 00:33:09 -0800
Message-Id: <20211109083309.32307-1-carenas@gmail.com>
X-Mailer: git-send-email 2.34.0.rc1.349.g8f33748433
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Host-Lookup-Failed: Reverse DNS lookup failed for 2607:f8b0:4864:20::233
 (failed)
Received-SPF: pass client-ip=2607:f8b0:4864:20::233;
 envelope-from=carenas@gmail.com; helo=mail-oi1-x233.google.com
X-Spam_score_int: -12
X-Spam_score: -1.3
X-Spam_bar: -
X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 PDS_HP_HELO_NORDNS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793,
 SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.9 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

fbc60d4 (Grow the JIT stack if it becomes exhausted, 2015-02-10), add
support to grep for recovering from a JIT stack exhaustion problem,
by creating and using increasingly larger stacks.

The underlying problem might seem to have been generated by a PCRE bug
that is no longer reproducible, and the code could be simplified to do
a single iteration instead with a theoretical maximum of almost INT_MAX,
but that could be a regression, so instead make sure that the maximum
size requested will always be valid, by avoiding a PCRE internal int
overflow that will then be translated into an UINT_MAX like value by
sljit.

Alternatively, a smaller maximum could be selected as it has been
documented[1] that more than 1MB would be unrealistic.

[1] https://www.pcre.org/original/doc/html/pcrejit.html#SEC8

Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
---
 src/pcresearch.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pcresearch.c b/src/pcresearch.c
index 3bdaee9..c4fb09b 100644
--- a/src/pcresearch.c
+++ b/src/pcresearch.c
@@ -77,6 +77,10 @@ jit_exec (struct pcre_comp *pc, char const *subject, int search_bytes,
         {
           int old_size = pc->jit_stack_size;
           int new_size = pc->jit_stack_size = old_size * 2;
+
+          /* PCRE will round up 8K bytes, so avoid overflow in maximum  */
+          if (INT_MAX - new_size < 8192)
+            new_size = INT_MAX - 8192;
           if (pc->jit_stack)
             pcre_jit_stack_free (pc->jit_stack);
           pc->jit_stack = pcre_jit_stack_alloc (old_size, new_size);
-- 
2.34.0.rc1.349.g8f33748433





From unknown Sat Jun 14 19:07:17 2025
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Carlo Marcelo Arenas =?UTF-8?Q?Bel=C3=B3n?= <carenas@gmail.com>
Subject: bug#51710: closed (Re: bug#51710: [PATCH] pcre: avoid overflow in
 PCRE JIT stack resizing)
Message-ID: <handler.51710.D51710.1636482497999.notifdone@debbugs.gnu.org>
References: <d593d6ca-9987-c63f-5ddf-6e9caa956d28@cs.ucla.edu>
 <20211109083309.32307-1-carenas@gmail.com>
X-Gnu-PR-Message: they-closed 51710
X-Gnu-PR-Package: grep
X-Gnu-PR-Keywords: patch
Reply-To: 51710@debbugs.gnu.org
Date: Tue, 09 Nov 2021 18:29:01 +0000
Content-Type: multipart/mixed; boundary="----------=_1636482541-1051-1"

This is a multi-part message in MIME format...

------------=_1636482541-1051-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing

which was filed against the grep package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 51710@debbugs.gnu.org.

--=20
51710: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D51710
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1636482541-1051-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 51710-done) by debbugs.gnu.org; 9 Nov 2021 18:28:17 +0000
Received: from localhost ([127.0.0.1]:35750 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mkVqz-0000G1-9o
	for submit@debbugs.gnu.org; Tue, 09 Nov 2021 13:28:17 -0500
Received: from zimbra.cs.ucla.edu ([131.179.128.68]:57738)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eggert@cs.ucla.edu>) id 1mkVqw-0000Fh-Ra
 for 51710-done@debbugs.gnu.org; Tue, 09 Nov 2021 13:28:15 -0500
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 77BD71600CE;
 Tue,  9 Nov 2021 10:28:08 -0800 (PST)
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id YiZXnYYI2793; Tue,  9 Nov 2021 10:28:07 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id A541D160106;
 Tue,  9 Nov 2021 10:28:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id GCdzFshExhij; Tue,  9 Nov 2021 10:28:07 -0800 (PST)
Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com
 [172.91.119.151])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 7ACE71600CE;
 Tue,  9 Nov 2021 10:28:07 -0800 (PST)
Content-Type: multipart/mixed; boundary="------------Mi4eMJWCbOw05sgdoiM0RXvZ"
Message-ID: <d593d6ca-9987-c63f-5ddf-6e9caa956d28@cs.ucla.edu>
Date: Tue, 9 Nov 2021 10:28:07 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.2.1
Subject: Re: bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Content-Language: en-US
To: =?UTF-8?Q?Carlo_Marcelo_Arenas_Bel=c3=b3n?= <carenas@gmail.com>
References: <20211109083309.32307-1-carenas@gmail.com>
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
In-Reply-To: <20211109083309.32307-1-carenas@gmail.com>
X-Spam-Score: -2.4 (--)
X-Debbugs-Envelope-To: 51710-done
Cc: 51710-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.4 (---)

This is a multi-part message in MIME format.
--------------Mi4eMJWCbOw05sgdoiM0RXvZ
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Thanks for reporting that. I installed the attached somewhat-simpler patch.

Does PCRE2 have a similar bug? If so, I suppose this should be reflected 
when we merge in the patch for bug#47264.
--------------Mi4eMJWCbOw05sgdoiM0RXvZ
Content-Type: text/x-patch; charset=UTF-8;
 name="0001-grep-work-around-PCRE-bug.patch"
Content-Disposition: attachment;
 filename="0001-grep-work-around-PCRE-bug.patch"
Content-Transfer-Encoding: base64

RnJvbSBmODdiNjQ5YzkxNTdmNjBhMDlhZjRjMjU5NjI4ODcwNGUwMDU3MzU4IE1vbiBTZXAg
MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBQYXVsIEVnZ2VydCA8ZWdnZXJ0QGNzLnVjbGEuZWR1
PgpEYXRlOiBUdWUsIDkgTm92IDIwMjEgMTA6MTE6NDIgLTA4MDAKU3ViamVjdDogW1BBVENI
XSBncmVwOiB3b3JrIGFyb3VuZCBQQ1JFIGJ1ZwpNSU1FLVZlcnNpb246IDEuMApDb250ZW50
LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9VVRGLTgKQ29udGVudC1UcmFuc2Zlci1FbmNv
ZGluZzogOGJpdAoKUHJvYmxlbSByZXBvcnRlZCBieSBDYXJsbyBNYXJjZWxvIEFyZW5hcyBC
ZWzDs24gKEJ1ZyM1MTcxMCkuCiogc3JjL3BjcmVzZWFyY2guYyAoaml0X2V4ZWMpOiBEb27i
gJl0IGF0dGVtcHQgdG8gZ3JvdyB0aGUgSklUIHN0YWNrCm92ZXIgSU5UX01BWCAtIDggKiAx
MDI0LgotLS0KIHNyYy9wY3Jlc2VhcmNoLmMgfCA1ICsrKystCiAxIGZpbGUgY2hhbmdlZCwg
NCBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvc3JjL3BjcmVz
ZWFyY2guYyBiL3NyYy9wY3Jlc2VhcmNoLmMKaW5kZXggM2JkYWVlOS4uMDlmOTJjOCAxMDA2
NDQKLS0tIGEvc3JjL3BjcmVzZWFyY2guYworKysgYi9zcmMvcGNyZXNlYXJjaC5jCkBAIC03
Miw4ICs3MiwxMSBAQCBqaXRfZXhlYyAoc3RydWN0IHBjcmVfY29tcCAqcGMsIGNoYXIgY29u
c3QgKnN1YmplY3QsIGludCBzZWFyY2hfYnl0ZXMsCiAgICAgICAgICAgICAgICAgICAgICAg
ICAgc2VhcmNoX29mZnNldCwgb3B0aW9ucywgc3ViLCBOU1VCKTsKIAogI2lmIFBDUkVfU1RV
RFlfSklUX0NPTVBJTEUKKyAgICAgIC8qIEdvaW5nIG92ZXIgdGhpcyB3b3VsZCB0cmlnZ2Vy
IGFuIGludCBvdmVyZmxvdyBidWcgd2l0aGluIFBDUkUuICAqLworICAgICAgaW50IGppdHN0
YWNrX21heCA9IElOVF9NQVggLSA4ICogMTAyNDsKKwogICAgICAgaWYgKGUgPT0gUENSRV9F
UlJPUl9KSVRfU1RBQ0tMSU1JVAotICAgICAgICAgICYmIDAgPCBwYy0+aml0X3N0YWNrX3Np
emUgJiYgcGMtPmppdF9zdGFja19zaXplIDw9IElOVF9NQVggLyAyKQorICAgICAgICAgICYm
IDAgPCBwYy0+aml0X3N0YWNrX3NpemUgJiYgcGMtPmppdF9zdGFja19zaXplIDw9IGppdHN0
YWNrX21heCAvIDIpCiAgICAgICAgIHsKICAgICAgICAgICBpbnQgb2xkX3NpemUgPSBwYy0+
aml0X3N0YWNrX3NpemU7CiAgICAgICAgICAgaW50IG5ld19zaXplID0gcGMtPmppdF9zdGFj
a19zaXplID0gb2xkX3NpemUgKiAyOwotLSAKMi4zMi4wCgo=
--------------Mi4eMJWCbOw05sgdoiM0RXvZ--



------------=_1636482541-1051-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 9 Nov 2021 08:40:16 +0000
Received: from localhost ([127.0.0.1]:60746 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mkMfw-0004Av-95
	for submit@debbugs.gnu.org; Tue, 09 Nov 2021 03:40:16 -0500
Received: from lists.gnu.org ([209.51.188.17]:35450)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <carenas@gmail.com>) id 1mkMft-0004Ak-Ez
 for submit@debbugs.gnu.org; Tue, 09 Nov 2021 03:40:15 -0500
Received: from eggs.gnu.org ([209.51.188.92]:57772)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <carenas@gmail.com>) id 1mkMfs-0000Wg-So
 for bug-grep@gnu.org; Tue, 09 Nov 2021 03:40:13 -0500
Received: from [2607:f8b0:4864:20::233] (port=39589
 helo=mail-oi1-x233.google.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <carenas@gmail.com>) id 1mkMfn-0002z3-6g
 for bug-grep@gnu.org; Tue, 09 Nov 2021 03:40:12 -0500
Received: by mail-oi1-x233.google.com with SMTP id bf8so14508114oib.6
 for <bug-grep@gnu.org>; Tue, 09 Nov 2021 00:40:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=f0Hx2HbHmusySvmOSZvdZ9hqCG2goRIinkjwOhJUaOo=;
 b=iIrExdCxsgEOj4G3LwRPuHRrLiQ5FDQpSBJ4ds4Q2zoGb2dPpKZd5hbSOZREJkTP1X
 vClYrapRAORPRkcLsjzmfPNc6BPyz5MFg5po2Iaul7qm8KxeLiCursCLvU/8WOe6HGHe
 YRdVYpotlpT+HT5JhDa1OKZfrsrYxiw+BrEUtIRojwglIEELZyJ/xwHPVgh6mcLl5xRO
 +mV8XiSiXLObfSn0uGcjMe3NXr6KSH45/v8mSzsDaj5wzkEe5Dp70V1TF8uZat90F/HS
 6zphiWdCK+jAi+kHU59WtvZl8Cm7X750iV2l84l3nU6+5Nboyji8nmB5HglWiRL2qKgg
 2KDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=f0Hx2HbHmusySvmOSZvdZ9hqCG2goRIinkjwOhJUaOo=;
 b=0bIViCgQeZSb+LbIOgBhenuZVXuFRk1fHmmWrSw+2QST/j8hOWscIgZ4L7OzD4DGwu
 6g5Mo0lRud2z69KGLIKbb4vNz/4BdgBxOSGxIG+uH1D6AEzqSdGyJYTyvmz6XGD/413u
 4hub9XrztTHNDEmr5PN9EbHf1IMZnhY4Qb9R0MT9+lQIBtuvJY3J9bpryoYHxwQC4O/B
 U66UkQmqekend9rXzzxVvWk0JqXH87f+NAycKAKQ4yeV2Xqk7BgGv9Si8THlP+QBNrhH
 y7VITYYgKOfyFuoRkMxCFnfKT91FzS7yx3xvsAPOswMrCgk/blWSk148+4fzniZDOtBs
 gWHA==
X-Gm-Message-State: AOAM532FFmA9FwLbud1Mp2AR59dPvWu03dSOWpazQRfNIpslaFqExsU7
 Tmo2OoiU38q6A2EF39oix4XUTx61Z7Y=
X-Google-Smtp-Source: ABdhPJxpT6PO2z96rZ18cl3vuiaUKDEJR4oLthQx8sFag0jwacAa8jX1yg510Xm6vCR/A222aMhemg==
X-Received: by 2002:a05:6808:ec3:: with SMTP id
 q3mr4087108oiv.57.1636446843948; 
 Tue, 09 Nov 2021 00:34:03 -0800 (PST)
Received: from localhost.localdomain
 (104-1-92-200.lightspeed.sntcca.sbcglobal.net. [104.1.92.200])
 by smtp.gmail.com with ESMTPSA id a6sm2719539oic.39.2021.11.09.00.34.03
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 09 Nov 2021 00:34:03 -0800 (PST)
From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= <carenas@gmail.com>
To: bug-grep@gnu.org
Subject: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Date: Tue,  9 Nov 2021 00:33:09 -0800
Message-Id: <20211109083309.32307-1-carenas@gmail.com>
X-Mailer: git-send-email 2.34.0.rc1.349.g8f33748433
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Host-Lookup-Failed: Reverse DNS lookup failed for 2607:f8b0:4864:20::233
 (failed)
Received-SPF: pass client-ip=2607:f8b0:4864:20::233;
 envelope-from=carenas@gmail.com; helo=mail-oi1-x233.google.com
X-Spam_score_int: -12
X-Spam_score: -1.3
X-Spam_bar: -
X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 PDS_HP_HELO_NORDNS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793,
 SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.9 (/)
X-Debbugs-Envelope-To: submit
Cc: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= <carenas@gmail.com>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

fbc60d4 (Grow the JIT stack if it becomes exhausted, 2015-02-10), add
support to grep for recovering from a JIT stack exhaustion problem,
by creating and using increasingly larger stacks.

The underlying problem might seem to have been generated by a PCRE bug
that is no longer reproducible, and the code could be simplified to do
a single iteration instead with a theoretical maximum of almost INT_MAX,
but that could be a regression, so instead make sure that the maximum
size requested will always be valid, by avoiding a PCRE internal int
overflow that will then be translated into an UINT_MAX like value by
sljit.

Alternatively, a smaller maximum could be selected as it has been
documented[1] that more than 1MB would be unrealistic.

[1] https://www.pcre.org/original/doc/html/pcrejit.html#SEC8

Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
---
 src/pcresearch.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pcresearch.c b/src/pcresearch.c
index 3bdaee9..c4fb09b 100644
--- a/src/pcresearch.c
+++ b/src/pcresearch.c
@@ -77,6 +77,10 @@ jit_exec (struct pcre_comp *pc, char const *subject, int search_bytes,
         {
           int old_size = pc->jit_stack_size;
           int new_size = pc->jit_stack_size = old_size * 2;
+
+          /* PCRE will round up 8K bytes, so avoid overflow in maximum  */
+          if (INT_MAX - new_size < 8192)
+            new_size = INT_MAX - 8192;
           if (pc->jit_stack)
             pcre_jit_stack_free (pc->jit_stack);
           pc->jit_stack = pcre_jit_stack_alloc (old_size, new_size);
-- 
2.34.0.rc1.349.g8f33748433




------------=_1636482541-1051-1--


From unknown Sat Jun 14 19:07:17 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Resent-From: Carlo Arenas <carenas@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-grep@gnu.org
Resent-Date: Tue, 09 Nov 2021 19:24:01 +0000
Resent-Message-ID: <handler.51710.D51710.16364858156467@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 51710
X-GNU-PR-Package: grep
X-GNU-PR-Keywords: patch
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: 51710-done@debbugs.gnu.org
Received: via spool by 51710-done@debbugs.gnu.org id=D51710.16364858156467
          (code D ref 51710); Tue, 09 Nov 2021 19:24:01 +0000
Received: (at 51710-done) by debbugs.gnu.org; 9 Nov 2021 19:23:35 +0000
Received: from localhost ([127.0.0.1]:35844 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mkWiV-0001gF-Fv
	for submit@debbugs.gnu.org; Tue, 09 Nov 2021 14:23:35 -0500
Received: from mail-ua1-f48.google.com ([209.85.222.48]:33559)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <carenas@gmail.com>) id 1mkWiS-0001fz-JK
 for 51710-done@debbugs.gnu.org; Tue, 09 Nov 2021 14:23:33 -0500
Received: by mail-ua1-f48.google.com with SMTP id b17so40717012uas.0
 for <51710-done@debbugs.gnu.org>; Tue, 09 Nov 2021 11:23:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=j7JZ6hVPKF+gQcAmK/mAmxSQimQBa3fwn5cJlL1W3Qc=;
 b=hEp1OjW6ew7LTIpnnXPbCIuRXgnp4fbMfl1YJKXB5aQOnlOXdpTlZeZfu4QH6v7DCC
 IVVMmcxHxxZI03tNYh+LZkvL2giSPMI3G7OjqCPIbe3oXMwk9oNi0wD6UhhF/GI+/BrS
 BFKjXu/MIowFUlwJRSV+FBEA0F7rUE1Cnl42X/CQV8z3ZzAI4Zr0rN3lPHLhBkcMT0q7
 00+Yf2dfzYJKY6K6rv5WXwEe+6iVmsf7jFrERdJjvE65LVdMoWoMF3TcwfJuscd9KO6e
 lGECNN/8pAnB0p/dydnd86vLz9KMq/nvUd1BD2huWYP6LwiHnlWiLHQFHQTiT5jkfy3I
 mX2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=j7JZ6hVPKF+gQcAmK/mAmxSQimQBa3fwn5cJlL1W3Qc=;
 b=yZttfZHOyDaYqyRpSKqovk0ajftJaICqxCcOo5Ng+yQqbwDEbYOaKAS0nFJh4YMK/a
 PkO2AiSl2kFgeD4pcmYGoOxlgrAqSmlNwTqp6hr532LfuAHuNNJ0A6iPAkv31DpFOHzh
 AFOiMkBBWXyOTbuXHzcQXEQv9v+fXzm7Da6LF8X5TQoZx1Xrbdl5RkAGfD3Xvof8HfKX
 RAd+FNPIu+J0+2+oEQadH6Cn53SvuWXXoZjPUfVTe+12mnRL70YlAxjqXs7jjpu5rnrN
 fMsH7YOHxcswGSHc8qJg+/BwxDkv6A/kZa3wLzJWTDWE9nCtrhEJkrnkbZxvaOkNYezZ
 5LQA==
X-Gm-Message-State: AOAM533spzyY4Yixy6hJ5JF4IHApE8AVK1jjF61GdzsyF7mcRqsGGAZf
 qA9fZ+M/fDmMeM2Y/Z9NeQ3vMNQ/bNMb7cyskPITmRr6
X-Google-Smtp-Source: ABdhPJwP0AXZR445n7KPco5vdNpo9mUahziqySKzvz4EaOjh4ct3GhC1HJ5pVbSrCxS3G0ApBwdvFL5mQ2VgjcM5UmA=
X-Received: by 2002:a67:c181:: with SMTP id h1mr15706686vsj.3.1636485806887;
 Tue, 09 Nov 2021 11:23:26 -0800 (PST)
MIME-Version: 1.0
References: <20211109083309.32307-1-carenas@gmail.com>
 <d593d6ca-9987-c63f-5ddf-6e9caa956d28@cs.ucla.edu>
In-Reply-To: <d593d6ca-9987-c63f-5ddf-6e9caa956d28@cs.ucla.edu>
From: Carlo Arenas <carenas@gmail.com>
Date: Tue, 9 Nov 2021 11:23:15 -0800
Message-ID: <CAPUEspiUbv4qq10+-jHGDoTcRxbJh+3ipyzUhvjD3NUpPk+y3w@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

No

PCRE2 uses size_t and it is the same (or similar) not signed type when
passed to sljit, so no Undefined Behaviour or overflow.
We might keep the limit in PCRE2 though, as it should be IMHO far
smaller anyway.

Carlo

Car

On Tue, Nov 9, 2021 at 10:28 AM Paul Eggert <eggert@cs.ucla.edu> wrote:
>
> Thanks for reporting that. I installed the attached somewhat-simpler patch.
>
> Does PCRE2 have a similar bug? If so, I suppose this should be reflected
> when we merge in the patch for bug#47264.




From unknown Sat Jun 14 19:07:17 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Resent-From: Paul Eggert <eggert@cs.ucla.edu>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-grep@gnu.org
Resent-Date: Wed, 10 Nov 2021 00:31:02 +0000
Resent-Message-ID: <handler.51710.D51710.163650423922694@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 51710
X-GNU-PR-Package: grep
X-GNU-PR-Keywords: patch
To: Carlo Arenas <carenas@gmail.com>
Cc: 51710-done@debbugs.gnu.org
Received: via spool by 51710-done@debbugs.gnu.org id=D51710.163650423922694
          (code D ref 51710); Wed, 10 Nov 2021 00:31:02 +0000
Received: (at 51710-done) by debbugs.gnu.org; 10 Nov 2021 00:30:39 +0000
Received: from localhost ([127.0.0.1]:36322 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mkbVf-0005th-DV
	for submit@debbugs.gnu.org; Tue, 09 Nov 2021 19:30:39 -0500
Received: from zimbra.cs.ucla.edu ([131.179.128.68]:39348)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eggert@cs.ucla.edu>) id 1mkbVb-0005kD-LE
 for 51710-done@debbugs.gnu.org; Tue, 09 Nov 2021 19:30:37 -0500
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 63C081600CD;
 Tue,  9 Nov 2021 16:30:29 -0800 (PST)
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id 7QFPL2bZXvS2; Tue,  9 Nov 2021 16:30:28 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 8E3E01600F6;
 Tue,  9 Nov 2021 16:30:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id vIik70XTOv8q; Tue,  9 Nov 2021 16:30:28 -0800 (PST)
Received: from [131.179.64.200] (Penguin.CS.UCLA.EDU [131.179.64.200])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 6834B1600CD;
 Tue,  9 Nov 2021 16:30:28 -0800 (PST)
Message-ID: <0b51ede7-d5fa-1888-8a1e-dc10a36d5abf@cs.ucla.edu>
Date: Tue, 9 Nov 2021 16:30:28 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.2.0
Content-Language: en-US
References: <20211109083309.32307-1-carenas@gmail.com>
 <d593d6ca-9987-c63f-5ddf-6e9caa956d28@cs.ucla.edu>
 <CAPUEspiUbv4qq10+-jHGDoTcRxbJh+3ipyzUhvjD3NUpPk+y3w@mail.gmail.com>
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
In-Reply-To: <CAPUEspiUbv4qq10+-jHGDoTcRxbJh+3ipyzUhvjD3NUpPk+y3w@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.4 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.4 (---)

On 11/9/21 11:23, Carlo Arenas wrote:
> We might keep the limit in PCRE2 though, as it should be IMHO far
> smaller anyway.

The usual GNU rule is "Avoid arbitrary limits on the length or number of 
any data structure" 
<https://www.gnu.org/prep/standards/html_node/Semantics.html>. That 
being said, if PCRE2 greatly misbehaves with a large stack size then we 
should impose some sort of limit, if only to insulate 'grep' from 
PCRE2's problems.




From unknown Sat Jun 14 19:07:17 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Resent-From: Paul Eggert <eggert@cs.ucla.edu>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-grep@gnu.org
Resent-Date: Sun, 14 Nov 2021 20:56:01 +0000
Resent-Message-ID: <handler.51710.B51710.163692330630188@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 51710
X-GNU-PR-Package: grep
X-GNU-PR-Keywords: patch
To: Carlo Arenas <carenas@gmail.com>
Cc: 51710@debbugs.gnu.org
Received: via spool by 51710-submit@debbugs.gnu.org id=B51710.163692330630188
          (code B ref 51710); Sun, 14 Nov 2021 20:56:01 +0000
Received: (at 51710) by debbugs.gnu.org; 14 Nov 2021 20:55:06 +0000
Received: from localhost ([127.0.0.1]:51873 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mmMWo-0007qp-LK
	for submit@debbugs.gnu.org; Sun, 14 Nov 2021 15:55:06 -0500
Received: from zimbra.cs.ucla.edu ([131.179.128.68]:52254)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eggert@cs.ucla.edu>) id 1mmMWm-0007qI-UM
 for 51710@debbugs.gnu.org; Sun, 14 Nov 2021 15:55:06 -0500
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 65E631600EA;
 Sun, 14 Nov 2021 12:54:59 -0800 (PST)
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id PBvDfveAFJYv; Sun, 14 Nov 2021 12:54:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id B704B1600EF;
 Sun, 14 Nov 2021 12:54:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id y5pDER0_d9fp; Sun, 14 Nov 2021 12:54:58 -0800 (PST)
Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com
 [172.91.119.151])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 91D5B1600EA;
 Sun, 14 Nov 2021 12:54:58 -0800 (PST)
Message-ID: <879fda80-53e5-ead5-684d-1f51276847c7@cs.ucla.edu>
Date: Sun, 14 Nov 2021 12:54:58 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.2.1
Content-Language: en-US
From: Paul Eggert <eggert@cs.ucla.edu>
References: <20211109083309.32307-1-carenas@gmail.com>
 <d593d6ca-9987-c63f-5ddf-6e9caa956d28@cs.ucla.edu>
 <CAPUEspiUbv4qq10+-jHGDoTcRxbJh+3ipyzUhvjD3NUpPk+y3w@mail.gmail.com>
 <0b51ede7-d5fa-1888-8a1e-dc10a36d5abf@cs.ucla.edu>
Organization: UCLA Computer Science Department
In-Reply-To: <0b51ede7-d5fa-1888-8a1e-dc10a36d5abf@cs.ucla.edu>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.4 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.4 (---)

As a result of the recent changes to get grep to use PCRE2 instead of 
old PCRE, the relevant code now looks like this:


  /* STACK_GROWTH_RATE is taken from PCRE's src/pcre2_jit_compile.c.
     Going over the jitstack_max limit could trigger an int
     overflow bug.  */
  int STACK_GROWTH_RATE = 8192;
  idx_t jitstack_max = MIN (IDX_MAX, SIZE_MAX - (STACK_GROWTH_RATE - 1));

  int e = pcre2_match (pc->cre, (PCRE2_SPTR) subject, search_bytes,
                       search_offset, options, pc->data, pc->mcontext);
  if (e == PCRE2_ERROR_JIT_STACKLIMIT
      && pc->jit_stack_size <= jitstack_max / 2)
    ... code that computes pc->git_stack_size * 2 ...

This should avoid integer overflow in both grep and libpcre2, without 
imposing arbitrary limits on what PCRE2 can do. If this more-generous 
limit causes problems please let me know.