GNU bug report logs -
#51710
[PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Previous Next
Full log
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
fbc60d4 (Grow the JIT stack if it becomes exhausted, 2015-02-10), add
support to grep for recovering from a JIT stack exhaustion problem,
by creating and using increasingly larger stacks.
The underlying problem might seem to have been generated by a PCRE bug
that is no longer reproducible, and the code could be simplified to do
a single iteration instead with a theoretical maximum of almost INT_MAX,
but that could be a regression, so instead make sure that the maximum
size requested will always be valid, by avoiding a PCRE internal int
overflow that will then be translated into an UINT_MAX like value by
sljit.
Alternatively, a smaller maximum could be selected as it has been
documented[1] that more than 1MB would be unrealistic.
[1] https://www.pcre.org/original/doc/html/pcrejit.html#SEC8
Signed-off-by: Carlo Marcelo Arenas Belón <carenas <at> gmail.com>
---
src/pcresearch.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/pcresearch.c b/src/pcresearch.c
index 3bdaee9..c4fb09b 100644
--- a/src/pcresearch.c
+++ b/src/pcresearch.c
@@ -77,6 +77,10 @@ jit_exec (struct pcre_comp *pc, char const *subject, int search_bytes,
{
int old_size = pc->jit_stack_size;
int new_size = pc->jit_stack_size = old_size * 2;
+
+ /* PCRE will round up 8K bytes, so avoid overflow in maximum */
+ if (INT_MAX - new_size < 8192)
+ new_size = INT_MAX - 8192;
if (pc->jit_stack)
pcre_jit_stack_free (pc->jit_stack);
pc->jit_stack = pcre_jit_stack_alloc (old_size, new_size);
--
2.34.0.rc1.349.g8f33748433
This bug report was last modified 3 years and 184 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.