From eb4fb41edf8fac9d0818a876ceae14040337437e Mon Sep 17 00:00:00 2001
From: xujing
Date: Thu, 14 Dec 2023 14:23:50 +0800
Subject: [PATCH] fix a possible integer overflow in DFA matching (#305)
---
 ...integer-overflow-in-DFA-matching-305.patch | 24 +++++++++++++++++++
 pcre2.spec | 6 ++++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 backport-fix-a-possible-integer-overflow-in-DFA-matching-305.patch
diff --git a/backport-fix-a-possible-integer-overflow-in-DFA-matching-305.patch b/backport-fix-a-possible-integer-overflow-in-DFA-matching-305.patch
new file mode 100644
index 0000000..0441a0f
--- /dev/null
+++ b/backport-fix-a-possible-integer-overflow-in-DFA-matching-305.patch
@@ -0,0 +1,24 @@
+From d231944236c6516de2831cbdde3069dab180ae81 Mon Sep 17 00:00:00 2001
+From: pkuzco
+Date: Mon, 9 Oct 2023 17:46:42 +0200
+Subject: [PATCH] fix a possible integer overflow in DFA matching (#305)
+
+---
+ src/pcre2_dfa_match.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pcre2_dfa_match.c b/src/pcre2_dfa_match.c
+index 518ac07..13b1ae4 100644
+--- a/src/pcre2_dfa_match.c
++++ b/src/pcre2_dfa_match.c
+@@ -428,7 +428,7 @@ overflow. */
+
+ else
+ {
+- uint32_t newsize = (rws->size >= UINT32_MAX/2)? UINT32_MAX/2 : rws->size * 2;
++ uint32_t newsize = (rws->size >= UINT32_MAX/(sizeof(int)*2))? UINT32_MAX/sizeof(int) : rws->size * 2;
+ uint32_t newsizeK = newsize/(1024/sizeof(int));
+
+ if (newsizeK + mb->heap_used > mb->heap_limit)
+--
+2.33.0
\ No newline at end of file
diff --git a/pcre2.spec b/pcre2.spec
index 0ae3a08..c30aa07 100644
--- a/pcre2.spec
+++ b/pcre2.spec
@@ -1,6 +1,6 @@
 Name: pcre2
 Version: 10.35
-Release: 5
+Release: 6
 Summary: Perl Compatible Regular Expressions
 License: BSD
 URL: http://www.pcre.org/
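Review bot: The rewritten `newsize` line in the embedded src/pcre2_dfa_match.c hunk uses two different bounds, `UINT32_MAX/(sizeof(int)*2)` as the threshold and `UINT32_MAX/sizeof(int)` as the clamp, and nothing on the line says what they protect. Presumably `newsize` counts ints and is multiplied by `sizeof(int)` for the allocation further down, outside the hunk; a comment such as `/* newsize is in ints: keep newsize*sizeof(int) within uint32_t */` would let a reader check the bound without leaving the line. The unchanged comparison `newsizeK + mb->heap_used > mb->heap_limit` is an addition as well, and whether it can wrap depends on the types of `heap_used` and `heap_limit`, which are not visible here. The enclosing function starts and ends outside the hunk.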
@@ -36,6 +36,7 @@ Patch6019: backport-Fixed-an-issue-in-the-backtracking-optimization-of-c.pat
 Patch6020: backport-jit-fail-early-in-ffcps_-if-subject-shorter-than-off.patch
 Patch6021: backport-jit-fix-pcre2_jit_free_unused_memory-if-sljit-not-us.patch
 Patch6022: backport-fix-CVE-2022-41409.patch
+Patch6023: backport-fix-a-possible-integer-overflow-in-DFA-matching-305.patch
 BuildRequires: autoconf libtool automake coreutils gcc make readline-devel
 Obsoletes: pcre2-utf16 pcre2-utf32 pcre2-tools
@@ -152,6 +153,9 @@ make check
 %{_pkgdocdir}/html/
 %changelog
+* Thu Dec 14 2023 xujing - 10.35-6
+- DESC:fix a possible integer overflow in DFA matching (#305)
+
 * Mon Jul 31 2023 yangmingtai - 10.35-5
 - DESC:fix CVE-2022-41409
--
Gitee