This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
regcomp: use long jumps if there is any possibility of overflow
author Karl Williamson <khw@cpan.org>
Thu, 20 Feb 2020 17:49:36 +0000 (17:49 +0000)
committer Steve Hay <steve.m.hay@googlemail.com>
Mon, 1 Jun 2020 19:35:51 +0000 (20:35 +0100)
(CVE-2020-10878) Be conservative for backporting, we'll aim to do
something more aggressive for bleadperl.

(cherry picked from commit 8243e7d09fa7bd65b70935e3170c6abda3e34917)

regcomp.c

index b02ae9b..2e86496 100644 (file)
--- a/regcomp.c
+++ b/regcomp.c
@@ -7877,6 +7877,13 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
 
         /* We have that number in RExC_npar */
         RExC_total_parens = RExC_npar;
+
+        /* XXX For backporting, use long jumps if there is any possibility of
+         * overflow */
+        if (RExC_size > U16_MAX && ! RExC_use_BRANCHJ) {
+            RExC_use_BRANCHJ = TRUE;
+            flags |= RESTART_PARSE;
+        }
     }
     else if (! MUST_RESTART(flags)) {
        ReREFCNT_dec(Rx);
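Review bot: The comment above `if (RExC_size > U16_MAX && ! RExC_use_BRANCHJ)` says "any possibility of overflow" but does not name the field that overflows or the units of RExC_size, so a reader cannot tell whether comparing against U16_MAX is tight or deliberately loose. Please state both in the comment, since the commit message says the backport is meant to be conservative and a later maintainer will need to know what the bound protects before replacing it. Second, `flags |= RESTART_PARSE` is set inside the first branch, while the only restart check visible in this hunk is `else if (! MUST_RESTART(flags))` on the other branch; please confirm that the code following this if/else acts on the flag so the pattern really is re-parsed with RExC_use_BRANCHJ set. The `! RExC_use_BRANCHJ` guard looks right for avoiding a second restart once long jumps are on. The diff as shown touches only regcomp.c; since this is tagged as a CVE fix, a regression test with a pattern large enough to cross the threshold would help keep the check from being dropped in the later bleadperl rework.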