Fix subject buffer overread in JIT.

git-svn-id: svn:https://vcs.exim.org/pcre/code/trunk@1740 2f5784b3-3f2a-0410-8824-cb99058d5e15
svn2github · Sep 21, 2018 · 1aa76cb · 1aa76cb
1 parent 7abc4de
commit 1aa76cb
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -37,6 +37,9 @@ subpattern was treated as anchored, when it should not have been, since the
 assumed empty second branch cannot be anchored. Demonstrated by test patterns 
 such as /(?(1)^())b/ or /(?(?=^))b/.
 
+7. Fix subject buffer overread in JIT when UTF is disabled and \X or \R has
+a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
+
 
 Version 8.42 20-March-2018
 --------------------------

diff --git a/pcre_jit_compile.c b/pcre_jit_compile.c
@@ -9002,7 +9002,7 @@ if (exact > 1)
 #ifdef SUPPORT_UTF
  && !common->utf
 #endif
- )
+ && type != OP_ANYNL && type != OP_EXTUNI)
  {
  OP2(SLJIT_ADD, TMP1, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(exact));
  add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_GREATER, TMP1, 0, STR_END, 0));