From 92c608d009fad8df275ca3a51277b2ffeaaacaa8 Mon Sep 17 00:00:00 2001
From: openeuler-basic
Date: Mon, 3 Feb 2020 16:47:03 +0800
Subject: [PATCH] fix stack buffer overflow
---
 ...k-on-the-number-of-capturing-parenth.patch | 209 ++++++++++++++++++
 pcre2.spec | 7 +-
 2 files changed, 215 insertions(+), 1 deletion(-)
 create mode 100644 Implement-a-check-on-the-number-of-capturing-parenth.patch
diff --git a/Implement-a-check-on-the-number-of-capturing-parenth.patch b/Implement-a-check-on-the-number-of-capturing-parenth.patch
new file mode 100644
index 0000000..a8a820c
--- /dev/null
+++ b/Implement-a-check-on-the-number-of-capturing-parenth.patch
@@ -0,0 +1,209 @@
+From a38f1e7eb827408133178ffac9987157d82edaa2 Mon Sep 17 00:00:00 2001
+From: ph10
+Date: Mon, 22 Apr 2019 12:39:38 +0000
+Subject: [PATCH] Implement a check on the number of capturing parentheses,
+ which for some reason has never existed. This fixes ClusterFuzz issue 14376.
+
+git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1088 6239d852-aaf2-0410-a92c-79f79f948069
+---
+ ChangeLog | 8 ++++++++
+ configure.ac | 6 +++---
+ src/pcre2.h.in | 1 +
+ src/pcre2_compile.c | 12 +++++++++++-
+ src/pcre2_error.c | 1 +
+ testdata/testinput11 | 2 ++
+ testdata/testinput2 | 4 ++++
+ testdata/testinput9 | 2 ++
+ testdata/testoutput11-16 | 3 +++
+ testdata/testoutput11-32 | 2 ++
+ testdata/testoutput2 | 6 ++++++
+ testdata/testoutput9 | 3 +++
+ 12 files changed, 46 insertions(+), 4 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 66c6d0b..da4ffb6 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -2,6 +2,14 @@ Change Log for PCRE2
+ --------------------
+ 
+ 
++Version 10.34 22-April-2019
++---------------------------
++
++1. The maximum number of capturing subpatterns is 65535 (documented), but no
++check on this was ever implemented. This omission has been rectified; it fixes
++ClusterFuzz 14376.
++
++
+ Version 10.33 16-April-2019
+ ---------------------------
+ 
+diff --git a/configure.ac b/configure.ac
+index 93c2b53..35b947b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -9,9 +9,9 @@ dnl The PCRE2_PRERELEASE feature is for identifying release candidates. It might
+ dnl be defined as -RC2, for example. For real releases, it should be empty.
+ 
+ m4_define(pcre2_major, [10])
+-m4_define(pcre2_minor, [33])
+-m4_define(pcre2_prerelease, [])
+-m4_define(pcre2_date, [2019-04-16])
++m4_define(pcre2_minor, [34])
++m4_define(pcre2_prerelease, [-RC1])
++m4_define(pcre2_date, [2019-04-22])
+ 
+ # NOTE: The CMakeLists.txt file searches for the above variables in the first
+ # 50 lines of this file. Please update that if the variables above are moved.
+diff --git a/src/pcre2.h.in b/src/pcre2.h.in
+index 9415d70..29f3688 100644
+--- a/src/pcre2.h.in
++++ b/src/pcre2.h.in
+@@ -305,6 +305,7 @@ pcre2_pattern_convert(). */
+ #define PCRE2_ERROR_INVALID_HYPHEN_IN_OPTIONS 194
+ #define PCRE2_ERROR_ALPHA_ASSERTION_UNKNOWN 195
+ #define PCRE2_ERROR_SCRIPT_RUN_NOT_AVAILABLE 196
++#define PCRE2_ERROR_TOO_MANY_CAPTURES 197
+ 
+ 
+ /* "Expected" matching error codes: no match and partial match. */
+diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
+index 068735a..cd6fbea 100644
+--- a/src/pcre2_compile.c
++++ b/src/pcre2_compile.c
+@@ -781,7 +781,7 @@ enum { ERR0 = COMPILE_ERROR_BASE,
+ ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, ERR70,
+ ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, ERR80,
+ ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERR88, ERR89, ERR90,
+- ERR91, ERR92, ERR93, ERR94, ERR95, ERR96 };
++ ERR91, ERR92, ERR93, ERR94, ERR95, ERR96, ERR97 };
+ 
+ /* This is a table of start-of-pattern options such as (*UTF) and settings such
+ as (*LIMIT_MATCH=nnnn) and (*CRLF). For completeness and backward
+@@ -3611,6 +3611,11 @@ while (ptr < ptrend)
+ nest_depth++;
+ if ((options & PCRE2_NO_AUTO_CAPTURE) == 0)
+ {
++ if (cb->bracount >= MAX_GROUP_NUMBER)
++ {
++ errorcode = ERR97;
++ goto FAILED;
++ }
+ cb->bracount++;
+ *parsed_pattern++ = META_CAPTURE | cb->bracount;
+ }
+@@ -4435,6 +4440,11 @@ while (ptr < ptrend)
+ /* We have a name for this capturing group. It is also assigned a number,
+ which is its primary means of identification. */
+ 
++ if (cb->bracount >= MAX_GROUP_NUMBER)
++ {
++ errorcode = ERR97;
++ goto FAILED;
++ }
+ cb->bracount++;
+ *parsed_pattern++ = META_CAPTURE | cb->bracount;
+ nest_depth++;
+diff --git a/src/pcre2_error.c b/src/pcre2_error.c
+index 1d02cf1..5517e74 100644
+--- a/src/pcre2_error.c
++++ b/src/pcre2_error.c
+@@ -184,6 +184,7 @@ static const unsigned char compile_error_texts[] =
+ /* 95 */
+ "(*alpha_assertion) not recognized\0"
+ "script runs require Unicode support, which this version of PCRE2 does not have\0"
++ "too many capturing groups (maximum 65535)\0"
+ ;
+ 
+ /* Match-time and UTF error texts are in the same format. */
+diff --git a/testdata/testinput11 b/testdata/testinput11
+index 2d267d6..fca6042 100644
+--- a/testdata/testinput11
++++ b/testdata/testinput11
+@@ -368,4 +368,6 @@
+ abÿAz
+ ab\x{80000041}z
+ 
++/\[()]{65535}/expand
++
+ # End of testinput11
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index 9e59b62..8a98f94 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -5587,4 +5587,8 @@ a)"xI
+ \= Expect error message
+ abc\=null_context
+ 
++/\[()]{65535}()/expand
++
++/\[()]{65535}(?)/expand
++
+ # End of testinput2
+diff --git a/testdata/testinput9 b/testdata/testinput9
+index 7be4b15..792d610 100644
+--- a/testdata/testinput9
++++ b/testdata/testinput9
+@@ -260,4 +260,6 @@
+ 
+ /(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':Æ¿)/
+ 
++/\[()]{65535}/expand
++
+ # End of testinput9
+diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
+index 78bf7fb..f2b9637 100644
+--- a/testdata/testoutput11-16
++++ b/testdata/testoutput11-16
+@@ -661,4 +661,7 @@ Subject length lower bound = 1
+ abÿAz
+ ab\x{80000041}z
+ 
++/\[()]{65535}/expand
++Failed: error 120 at offset 131070: regular expression is too large
++
+ # End of testinput11
+diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
+index 4b00384..1908ab7 100644
+--- a/testdata/testoutput11-32
++++ b/testdata/testoutput11-32
+@@ -667,4 +667,6 @@ Subject length lower bound = 1
+ ab\x{80000041}z
+ 0: ab\x{80000041}z
+ 
++/\[()]{65535}/expand
++
+ # End of testinput11
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 2f91c38..158fbad 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -16934,6 +16934,12 @@ Subject length lower bound = 0
+ abc\=null_context
+ ** Replacement callouts are not supported with null_context.
+ 
++/\[()]{65535}()/expand
++Failed: error 197 at offset 131071: too many capturing groups (maximum 65535)
++
++/\[()]{65535}(?)/expand
++Failed: error 197 at offset 131075: too many capturing groups (maximum 65535)
++
+ # End of testinput2
+ Error -70: PCRE2_ERROR_BADDATA (unknown error number)
+ Error -62: bad serialized data
+diff --git a/testdata/testoutput9 b/testdata/testoutput9
+index f98f276..f66ca3d 100644
+--- a/testdata/testoutput9
++++ b/testdata/testoutput9
+@@ -367,4 +367,7 @@ Failed: error 134 at offset 14: character code point value in \x{} or \o{} is to
+ /(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':Æ¿)/
+ Failed: error 176 at offset 259: name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
+ 
++/\[()]{65535}/expand
++Failed: error 120 at offset 131070: regular expression is too large
++
+ # End of testinput9
+--
+1.8.3.1
+
diff --git a/pcre2.spec b/pcre2.spec
index d9f8d0a..c49749d 100644
--- a/pcre2.spec
+++ b/pcre2.spec
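Review bot: The backported patch file carries upstream's configure.ac hunk (pcre2_minor 33→34, pcre2_prerelease set to -RC1, pcre2_date 2019-04-22) and the ChangeLog hunk alongside the actual fix; applied to the 10.33 tarball this would likely change the version string the built library and pcre2-config report, and the ChangeLog hunk is not something a 10.33-2 package should advertise. I would drop those two file sections from the .patch and keep only the pcre2.h.in, pcre2_compile.c, pcre2_error.c and testdata changes. The two pcre2_compile.c hunks themselves look right: both capture sites check `cb->bracount >= MAX_GROUP_NUMBER` before `cb->bracount++`, matching the "maximum 65535" wording of the new ERR97 text, though MAX_GROUP_NUMBER is not defined by this patch and presumably already exists in the 10.33 source — worth confirming before rebuilding. The function containing those two hunks begins and ends outside the shown context.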
@@ -1,11 +1,13 @@
 Name: pcre2
 Version: 10.33
-Release: 1
+Release: 2
 Summary: Perl Compatible Regular Expressions
 License: BSD
 URL: http://www.pcre.org/
 Source0: https://ftp.pcre.org/pub/pcre/%{name}-%{version}.tar.bz2
+Patch0: Implement-a-check-on-the-number-of-capturing-parenth.patch
+
 BuildRequires: autoconf libtool automake coreutils gcc make readline-devel
 Obsoletes: pcre2-utf16 pcre2-utf32 pcre2-tools
 Provides: pcre2-utf16 pcre2-utf32 pcre2-tools
@@ -117,5 +119,8 @@ make check
 %{_pkgdocdir}/html/
 %changelog
+* Mon Feb 3 2020 openEuler Buildteam - 10.33-2
+- Fix stack buffer overflow
+
 * Sat Sep 14 2019 openEuler Buildteam - 10.33-1
 - Package init
-- 
Gitee
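Review bot: Patch0 is declared in the first hunk but nothing in this diff applies it — no `%patch0 -p1` is added under `%prep`, so unless the spec already uses `%autosetup` (not visible here) the build would still compile the unpatched 10.33 sources and the fix would never reach the shipped library. I would add `%patch0 -p1` after the `%setup` line in `%prep`, or confirm that `%autosetup` is in use. The `%prep` section lies outside both hunks of this file.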
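Review bot: The changelog entry `- Fix stack buffer overflow` in the second hunk does not say which upstream change it carries; the embedded patch describes itself as adding the missing check on the number of capturing parentheses (upstream trunk r1088, ClusterFuzz 14376) and the testoutput2 expectations show the new error 197. I would extend the line so it can be traced to its source, e.g. `- Fix stack buffer overflow: backport upstream check on the number of capturing groups (r1088, ClusterFuzz 14376)`.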