GNU bug report logs - #51710
[PATCH] pcre: avoid overflow in PCRE JIT stack resizing


Package: grep;

Reported by: Carlo Marcelo Arenas Belón <carenas <at> gmail.com>

Date: Tue, 9 Nov 2021 08:41:01 UTC

Severity: normal

Tags: patch

Done: Paul Eggert <eggert <at> cs.ucla.edu>



From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Carlo Arenas <carenas <at> gmail.com>
Cc: 51710 <at> debbugs.gnu.org
Subject: bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Date: Sun, 14 Nov 2021 12:54:58 -0800
As a result of the recent changes to get grep to use PCRE2 instead of 
old PCRE, the relevant code now looks like this:


 /* STACK_GROWTH_RATE is taken from PCRE's src/pcre2_jit_compile.c.
    Going over the jitstack_max limit could trigger an int
    overflow bug.  */
 int STACK_GROWTH_RATE = 8192;
 idx_t jitstack_max = MIN (IDX_MAX, SIZE_MAX - (STACK_GROWTH_RATE - 1));

 int e = pcre2_match (pc->cre, (PCRE2_SPTR) subject, search_bytes,
                      search_offset, options, pc->data, pc->mcontext);
 if (e == PCRE2_ERROR_JIT_STACKLIMIT
     && pc->jit_stack_size <= jitstack_max / 2)
   ... code that computes pc->jit_stack_size * 2 ...

This should avoid integer overflow in both grep and libpcre2, without 
imposing arbitrary limits on what PCRE2 can do. If this more-generous 
limit causes problems please let me know.
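The guard described in the message above, as an added C example that is not part of grep or of this thread: it models the jitstack_max bound and the doubling check as stand-alone functions so the arithmetic can be exercised without libpcre2. Assumed here: idx_t is ptrdiff_t (as in gnulib), the pcre2_match result is reduced to a boolean saying the match hit the JIT stack limit, and both the allocator rounding model (rounded_request) and the 32 KiB starting size are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))
typedef ptrdiff_t idx_t;   /* gnulib's idx_t, assumed here */
#define IDX_MAX PTRDIFF_MAX
static const int STACK_GROWTH_RATE = 8192;   /* from PCRE2's src/pcre2_jit_compile.c */

/* Largest JIT stack grep will ever request: it fits in idx_t and leaves
   room for the allocator to add STACK_GROWTH_RATE - 1 without wrapping
   size_t.  The MIN is evaluated in size_t, as grep's assignment does.  */
static idx_t jitstack_limit (void)
{
  return (idx_t) MIN ((size_t) IDX_MAX, SIZE_MAX - (STACK_GROWTH_RATE - 1));
}

/* Retry decision after pcre2_match: grow only on a JIT stack-limit error,
   and only while doubling cannot exceed the limit, so it cannot overflow.  */
static bool next_jit_stack_size (bool hit_stack_limit, idx_t current,
                                 idx_t *grown)
{
  if (!hit_stack_limit || !(current <= jitstack_limit () / 2))
    return false;
  *grown = current * 2;   /* safe: current <= jitstack_limit () / 2 */
  return true;
}

/* Model of an allocator padding a request up to a multiple of
   STACK_GROWTH_RATE (assumed behaviour, not copied from PCRE2).  It refuses
   rather than wrapping; for size <= jitstack_limit () it never refuses.  */
static bool rounded_request (idx_t size, size_t *rounded)
{
  size_t pad = STACK_GROWTH_RATE - 1;
  if ((size_t) size > SIZE_MAX - pad)
    return false;
  *rounded = ((size_t) size + pad) & ~pad;
  return true;
}

int main (void)
{
  idx_t size = 32 * 1024, grown;   /* constructed starting size */
  while (next_jit_stack_size (true, size, &grown))
    size = grown;
  printf ("stops growing at %td bytes (limit %td)\n", size, jitstack_limit ());
  return 0;
}
```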






