emacs-bug-tracker

From: GNU bug Tracking System
Subject: bug#51710: closed ([PATCH] pcre: avoid overflow in PCRE JIT stack resizing)
Date: Tue, 09 Nov 2021 18:29:01 +0000

Your message dated Tue, 9 Nov 2021 10:28:07 -0800
with message-id <d593d6ca-9987-c63f-5ddf-6e9caa956d28@cs.ucla.edu>
and subject line Re: bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
has caused the debbugs.gnu.org bug report #51710,
regarding [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
51710: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=51710
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message ---
Subject: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Date: Tue, 9 Nov 2021 00:33:09 -0800

fbc60d4 (Grow the JIT stack if it becomes exhausted, 2015-02-10) added
support to grep for recovering from a JIT stack exhaustion problem
by creating and using increasingly larger stacks.

The underlying problem might seem to have been generated by a PCRE bug
that is no longer reproducible, and the code could be simplified to do
a single iteration instead with a theoretical maximum of almost INT_MAX,
but that could be a regression, so instead make sure that the maximum
size requested will always be valid, by avoiding a PCRE internal int
overflow that would then be translated into a UINT_MAX-like value by
sljit.

Alternatively, a smaller maximum could be selected as it has been
documented[1] that more than 1MB would be unrealistic.

[1] https://www.pcre.org/original/doc/html/pcrejit.html#SEC8

Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
---
 src/pcresearch.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pcresearch.c b/src/pcresearch.c
index 3bdaee9..c4fb09b 100644
--- a/src/pcresearch.c
+++ b/src/pcresearch.c
@@ -77,6 +77,10 @@ jit_exec (struct pcre_comp *pc, char const *subject, int 
search_bytes,
         {
           int old_size = pc->jit_stack_size;
           int new_size = pc->jit_stack_size = old_size * 2;
+
+          /* PCRE will round up 8K bytes, so avoid overflow in maximum  */
+          if (INT_MAX - new_size < 8192)
+            new_size = INT_MAX - 8192;
           if (pc->jit_stack)
             pcre_jit_stack_free (pc->jit_stack);
           pc->jit_stack = pcre_jit_stack_alloc (old_size, new_size);
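Review bot: the clamp `new_size = INT_MAX - 8192;` only updates the local `new_size`; `pc->jit_stack_size` was already assigned `old_size * 2` by the chained assignment on the line above and keeps the unclamped value, so the stored size no longer matches the maximum passed to `pcre_jit_stack_alloc (old_size, new_size)`, and the next retry doubles from the larger number. Assign the field after the clamp instead, e.g. replace the chained assignment with `int new_size = old_size * 2;` and add `pc->jit_stack_size = new_size;` after the `if`. Separately, `old_size * 2` is evaluated before the `INT_MAX - new_size < 8192` check, so once `old_size` exceeds `INT_MAX / 2` the signed multiplication itself overflows before the guard runs; comparing `old_size` against `(INT_MAX - 8192) / 2` before doubling avoids that.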
-- 
2.34.0.rc1.349.g8f33748433




--- End Message ---
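The commit message above describes the hazard in one sentence: doubling an `int` stack size without a bound eventually overflows inside PCRE, where the rounded-up maximum turns into a UINT_MAX-like value. The following is an added example, not grep's or PCRE's code, showing a saturating doubling routine that checks the bound before multiplying and reports when no larger size exists so the retry loop terminates. The 8192-byte headroom is taken from the patch's comment; the function names and the starting size are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Headroom to leave below INT_MAX so that PCRE's internal rounding of the
   requested maximum (8K, per the patch's comment) cannot overflow an int. */
#define JIT_STACK_HEADROOM 8192
#define JIT_STACK_MAX_SIZE (INT_MAX - JIT_STACK_HEADROOM)

/* Hypothetical helper, not grep's code: compute the next maximum JIT stack
   size by doubling, saturating at JIT_STACK_MAX_SIZE.  Returns false when
   old_size is invalid or already at the cap, so a caller can stop retrying
   instead of re-allocating the same maximum forever. */
bool next_jit_stack_size (int old_size, int *new_size)
{
  if (old_size <= 0 || old_size >= JIT_STACK_MAX_SIZE)
    return false;                       /* nothing larger is representable */

  /* Test before multiplying: past this point old_size * 2 itself would be
     signed overflow, i.e. undefined behaviour, not merely a wrong value. */
  if (old_size > JIT_STACK_MAX_SIZE / 2)
    *new_size = JIT_STACK_MAX_SIZE;
  else
    *new_size = old_size * 2;
  return true;
}

/* Convenience wrapper: the next size, or -1 when growth is exhausted. */
int next_size_or_neg (int old_size)
{
  int next;
  return next_jit_stack_size (old_size, &next) ? next : -1;
}

/* How many growth steps a retry loop would take from `start` before the
   cap is reached; demonstrates that the loop is finite. */
int doublings_to_cap (int start)
{
  int steps = 0, size = start, next;
  while (next_jit_stack_size (size, &next))
    {
      size = next;
      steps++;
    }
  return steps;
}

int main (void)
{
  int size = 32 * 1024;                 /* constructed starting size */
  int next;
  while (next_jit_stack_size (size, &next))
    {
      printf ("grow JIT stack maximum: %d -> %d\n", size, next);
      size = next;
    }
  printf ("reached cap after %d steps\n", doublings_to_cap (32 * 1024));
  return 0;
}
```

Because the bound is checked on `old_size` rather than on the product, the routine never performs the overflowing multiplication, and the saturation step makes the last request exactly `INT_MAX - 8192`, the same ceiling the patch intends.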
--- Begin Message ---
Subject: Re: bug#51710: [PATCH] pcre: avoid overflow in PCRE JIT stack resizing
Date: Tue, 9 Nov 2021 10:28:07 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.2.1

Thanks for reporting that. I installed the attached somewhat-simpler patch.

Does PCRE2 have a similar bug? If so, I suppose this should be reflected when we merge in the patch for bug#47264.

Attachment: 0001-grep-work-around-PCRE-bug.patch
Description: Text Data


--- End Message ---