Fix out-of-bounds read for partial matching of /./ against an empty s…

…tring

when the newline type is CRLF.


git-svn-id: svn:https://vcs.exim.org/pcre/code/trunk@1723 2f5784b3-3f2a-0410-8824-cb99058d5e15

ChangeLog

@@ -26,16 +26,19 @@ in a given mode, it was also expected that at least one mode is available.
 This is fixed and pcre_jit_exec returns with PCRE_ERROR_JIT_BADOPTION
 when the pattern is not optimized by JIT at all.
 
-6. The line number and related variables such as match counts in pcregrep 
-were all int variables, causing overflow when files with more than 2147483647 
-lines were processed (assuming 32-bit ints). They have all been changed to 
+6. The line number and related variables such as match counts in pcregrep
+were all int variables, causing overflow when files with more than 2147483647
+lines were processed (assuming 32-bit ints). They have all been changed to
 unsigned long ints.
 
 7. If a backreference with a minimum repeat count of zero was first in a
 pattern, apart from assertions, an incorrect first matching character could be
 recorded. For example, for the pattern /(?=(a))\1?b/, "b" was incorrectly set
 as the first character of a match.
 
+8. Fix out-of-bounds read for partial matching of /./ against an empty string
+when the newline type is CRLF.
+
 
 Version 8.41 05-July-2017
 -------------------------

pcre_exec.c

@@ -6,7 +6,7 @@
 and semantics are as close as possible to those of the Perl 5 language.
 
  Written by Philip Hazel
- Copyright (c) 1997-2014 University of Cambridge
+ Copyright (c) 1997-2018 University of Cambridge
 
 -----------------------------------------------------------------------------
 Redistribution and use in source and binary forms, with or without
@@ -2305,7 +2305,7 @@ for (;;)
  case OP_ANY:
  if (IS_NEWLINE(eptr)) RRETURN(MATCH_NOMATCH);
  if (md->partial != 0 &&
- eptr + 1 >= md->end_subject &&
+ eptr == md->end_subject - 1 &&
  NLBLOCK->nltype == NLTYPE_FIXED &&
  NLBLOCK->nllen == 2 &&
  UCHAR21TEST(eptr) == NLBLOCK->nl[0])