regcomp.c: Create fail-safe for reading out of bounds
authorKarl Williamson <khw@cpan.org>
Mon, 26 Aug 2019 22:15:38 +0000 (16:15 -0600)
committerKarl Williamson <khw@cpan.org>
Wed, 23 Oct 2019 11:39:33 +0000 (05:39 -0600)
It shouldn't happen that the pointer passed to this macro causes
out-of-bound reads, but there have been problems with this area in the
past, and we know the bounds for this non-time-critical function, so it
is a simple matter to make sure.

regcomp.c

index 8d19874..bae6ead 100644 (file)
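--- a/regcomp.c
+++ b/regcomp.c
@@ -850,7 +850,8 @@ static const scan_data_t zero_scan_data = {
 #define UPDATE_WARNINGS_LOC(loc)                                        \
     STMT_START {                                                        \
         if (TO_OUTPUT_WARNINGS(loc)) {                                  \
-            RExC_latest_warn_offset = (xI(loc)) - RExC_precomp;         \
+            RExC_latest_warn_offset = MAX(sI, MIN(eI, xI(loc)))         \
+                                                       - RExC_precomp;  \
         }                                                               \
     } STMT_END
 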
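Review bot: The clamp in the new `RExC_latest_warn_offset` assignment silently corrects an out-of-range `xI(loc)`, so the caller bug the commit message worries about would leave no trace in any build. Consider a debugging-build check just ahead of the assignment, for example `assert(xI(loc) >= sI && xI(loc) <= eI);`, so production builds stay clamped while test builds report the bad pointer. A comment above the `#define`, such as `/* Clamp to the pattern bounds so a bad 'loc' cannot produce an offset outside the input */`, would keep the rationale next to the macro and not only in the commit message. The definitions of `sI`, `eI` and `xI` are outside the hunk, so this assumes they denote the start, the end and the translated position within the input pattern, and that `sI` is not below `RExC_precomp`.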