| Description: Upstream fix for CVE-2017-7186 (Upstream rev 1688) |
| Fix Unicode property crash for 32-bit characters greater than 0x10ffff. |
| Author: Matthew Vernon <matthew@debian.org> |
| X-Dgit-Generated: 2:8.39-3 c4c2c7c4f74d53b263af2471d8e11db88096bd13 |
| |
| Signed-off-by: Baruch Siach <baruch@tkos.co.il> |
| --- |
| |
| --- pcre3-8.39.orig/pcre_internal.h |
| +++ pcre3-8.39/pcre_internal.h |
| @@ -2772,6 +2772,9 @@ extern const pcre_uint8 PRIV(ucd_stage1 |
| extern const pcre_uint16 PRIV(ucd_stage2)[]; |
| extern const pcre_uint32 PRIV(ucp_gentype)[]; |
| extern const pcre_uint32 PRIV(ucp_gbtable)[]; |
| +#ifdef COMPILE_PCRE32 |
| +extern const ucd_record PRIV(dummy_ucd_record)[]; |
| +#endif |
| #ifdef SUPPORT_JIT |
| extern const int PRIV(ucp_typerange)[]; |
| #endif |
| @@ -2780,9 +2783,15 @@ extern const int PRIV(ucp_typera |
| /* UCD access macros */ |
| |
| #define UCD_BLOCK_SIZE 128 |
| -#define GET_UCD(ch) (PRIV(ucd_records) + \ |
| +#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \ |
| PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \ |
| UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE]) |
| + |
| +#ifdef COMPILE_PCRE32 |
| +#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch)) |
| +#else |
| +#define GET_UCD(ch) REAL_GET_UCD(ch) |
| +#endif |
| |
| #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype |
| #define UCD_SCRIPT(ch) GET_UCD(ch)->script |
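Review bot: In the `COMPILE_PCRE32` branch the new `GET_UCD` uses its argument unparenthesised in `(ch > 0x10ffff)`, so an argument expression containing a lower-precedence operator would be compared wrongly and could still reach the `ucd_stage1` index unchecked. It should read `#define GET_UCD(ch) (((ch) > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))`. The argument is now expanded three times instead of two, so a short comment above the macro stating that `ch` must be free of side effects would help. The range test also only protects the lookup if `ch` is unsigned at every use; a negative signed value would pass it and `(int)(ch) / UCD_BLOCK_SIZE` would index before the table. The call sites are outside this hunk, so that is worth confirming.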
| --- pcre3-8.39.orig/pcre_ucd.c |
| +++ pcre3-8.39/pcre_ucd.c |
| @@ -38,6 +38,20 @@ const pcre_uint16 PRIV(ucd_stage2)[] = { |
| const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0}; |
| #else |
| |
| +/* If the 32-bit library is run in non-32-bit mode, character values |
| +greater than 0x10ffff may be encountered. For these we set up a |
| +special record. */ |
| + |
| +#ifdef COMPILE_PCRE32 |
| +const ucd_record PRIV(dummy_ucd_record)[] = {{ |
| + ucp_Common, /* script */ |
| + ucp_Cn, /* type unassigned */ |
| + ucp_gbOther, /* grapheme break property */ |
| + 0, /* case set */ |
| + 0, /* other case */ |
| + }}; |
| +#endif |
| + |
| /* When recompiling tables with a new Unicode version, please check the |
| types in this structure definition from pcre_internal.h (the actual |
| field names will be different): |
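Review bot: The comment added above `dummy_ucd_record` says "non-32-bit mode", which reads as if the 32-bit library could run at another code-unit width. The case that produces values above 0x10ffff is presumably non-UTF-32 mode, so `run in non-UTF-32 mode` would be clearer. The initializer is positional and so depends silently on the field order of `ucd_record`, whose definition is not in this hunk. A line such as `/* Field order must match ucd_record in pcre_internal.h */` next to it would keep the fallback record from going stale if the struct changes. The record is defined only inside the `#else` branch visible here, so any build that expands `GET_UCD` without that branch would fail to link; this looks intended, but is worth a check.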