... and report errors more reliably. Previously some invalid
pcrs commands were silently accepted but didn't work as expected.
Partially discovered with afl-fuzz.
-const char pcrs_rcs[] = "$Id: pcrs.c,v 1.45 2014/10/18 11:27:04 fabiankeil Exp $";
+const char pcrs_rcs[] = "$Id: pcrs.c,v 1.46 2014/11/14 10:40:10 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/pcrs.c,v $
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/pcrs.c,v $
if (replacement[i] == '$' && !quoted && i < (int)(length - 1))
{
char *symbol, symbols[] = "'`+&";
if (replacement[i] == '$' && !quoted && i < (int)(length - 1))
{
char *symbol, symbols[] = "'`+&";
+ if (l >= PCRS_MAX_SUBMATCHES)
+ {
+ freez(text);
+ freez(r);
+ *errptr = PCRS_WARN_BADREF;
+ return NULL;
+ }
r->block_length[l] = (size_t)(k - r->block_offset[l]);
/* Numerical backreferences */
r->block_length[l] = (size_t)(k - r->block_offset[l]);
/* Numerical backreferences */
}
if (r->backref[l] > capturecount)
{
}
if (r->backref[l] > capturecount)
{
+ freez(text);
+ freez(r);
*errptr = PCRS_WARN_BADREF;
*errptr = PCRS_WARN_BADREF;
}
/* Valid and in range? -> record */
}
/* Valid and in range? -> record */
- if (r->backref[l] < PCRS_MAX_SUBMATCHES + 2)
+ if (0 <= r->backref[l] && r->backref[l] < PCRS_MAX_SUBMATCHES + 2)
{
r->backref_count[r->backref[l]] += 1;
r->block_offset[++l] = k;
}
else
{
{
r->backref_count[r->backref[l]] += 1;
r->block_offset[++l] = k;
}
else
{
+ freez(text);
+ freez(r);
*errptr = PCRS_WARN_BADREF;
*errptr = PCRS_WARN_BADREF;
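Review bot: In the `if (r->backref[l] > capturecount)` branch the new lines call `freez(text);` and `freez(r);` and then set `*errptr`, but no `return NULL;` is visible before the closing brace, unlike the `l >= PCRS_MAX_SUBMATCHES` block added further up. If that branch does fall through, the range check `0 <= r->backref[l] && ...` just below reads through `r` after it has been released. That would be a use-after-free or a NULL dereference, depending on what `freez()` (defined outside this page) leaves in the pointer. The branch should end with `return NULL;` right after `*errptr = PCRS_WARN_BADREF;`. The final `else` branch gets the same two `freez()` calls and continues past the visible lines, so confirm that it also returns before `r` or `text` is touched again.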