37 lines
1013 B
Diff
37 lines
1013 B
Diff
From f2411acb3711a44497539d17b245bd366d9c26d7 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= <carenas@gmail.com>
|
|
Date: Mon, 12 Dec 2022 08:32:42 -0800
|
|
Subject: [PATCH] jit: fail early in ffcps_* if subject shorter than offs1
|
|
(#175)
|
|
|
|
FF_FUN would try loading a vector from an invalid address
|
|
triggering a crash.
|
|
|
|
Add the same check that is done in the x86/s390x implementations
|
|
and that was missing from the original code.
|
|
|
|
Fixes: #86
|
|
|
|
Conflict:NA
|
|
Reference:https://github.com/PCRE2Project/pcre2/commit/f2411acb3711a44497539d17b245bd366d9c26d7
|
|
---
|
|
src/pcre2_jit_neon_inc.h | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/src/pcre2_jit_neon_inc.h b/src/pcre2_jit_neon_inc.h
|
|
index e74adf1..165602e 100644
|
|
--- a/src/pcre2_jit_neon_inc.h
|
|
+++ b/src/pcre2_jit_neon_inc.h
|
|
@@ -183,6 +183,8 @@ restart:;
|
|
#endif
|
|
|
|
#if defined(FFCPS)
|
|
+if (str_ptr >= str_end)
|
|
+ return NULL;
|
|
sljit_u8 *p1 = str_ptr - diff;
|
|
#endif
|
|
sljit_s32 align_offset = ((uint64_t)str_ptr & 0xf);
|
|
--
|
|
1.8.3.1
|
|
|