X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=pcre%2Fpcre.c;h=4f8f82cd4ec6b7ef1a89cf3ce673bff719a77a16;hb=e38abca385ad4ac6fcb5b0daf486b72d5e19c012;hp=5149f8dad7dc2ed1d423e3257dc47e2ea088e819;hpb=c75584ebcc79f939fb4ec9c8f842cef6692640c7;p=privoxy.git

diff --git a/pcre/pcre.c b/pcre/pcre.c
index 5149f8da..4f8f82cd 100644
--- a/pcre/pcre.c
+++ b/pcre/pcre.c
@@ -730,7 +730,7 @@ if (*p == '}') max = min; else
 /* Do paranoid checks, then fill in the required variables, and pass back the
 pointer to the terminating '}'. */
 
-if (min > 65535 || max > 65535)
+if (min < 0 || min > 65535 || max < -1 || max > 65535)
   *errorptr = ERR5;
 else
   {
@@ -2486,6 +2486,7 @@ const uschar *ptr;
 compile_data compile_block;
 int brastack[BRASTACK_SIZE];
 uschar bralenstack[BRASTACK_SIZE];
+const size_t pattern_length = strlen(pattern);
 
 #ifdef DEBUG
 uschar *code_base, *code_end;
@@ -2659,8 +2660,13 @@ while ((c = *(++ptr)) != 0)
         }
       else class_charcount++;
       ptr++;
+      if (*ptr == 0)
+        {
+        *errorptr = ERR6;
+        goto PCRE_ERROR_RETURN;
+        }
       }
-    while (*ptr != 0 && *ptr != ']');
+    while (*ptr != ']');
 
     /* Repeats for negated single chars are handled by the general code */
 
@@ -3011,6 +3017,12 @@ while ((c = *(++ptr)) != 0)
       /* Ordinary character or single-char escape */
 
       runlength++;
+
+      if ((const char *)ptr > pattern + pattern_length)
+        {
+        *errorptr = "internal error";
+        goto PCRE_ERROR_RETURN;
+        }
       }
 
     /* This "while" is the end of the "do" above. */