pcre: Fix heap-buffer-overflow when loading invalid filter files

[privoxy.git] / pcre / pcre.c

diff --git a/pcre/pcre.c b/pcre/pcre.c
index 5149f8d..5824040 100644 (file)
--- a/pcre/pcre.c
+++ b/pcre/pcre.c
@@ -2486,6 +2486,7 @@ const uschar *ptr;
 compile_data compile_block;
 int brastack[BRASTACK_SIZE];
 uschar bralenstack[BRASTACK_SIZE];
+const size_t pattern_length = strlen(pattern);
 
 #ifdef DEBUG
 uschar *code_base, *code_end;
@@ -2659,8 +2660,13 @@ while ((c = *(++ptr)) != 0)
         }
       else class_charcount++;
       ptr++;
+      if (*ptr == 0)
+        {
+        *errorptr = ERR6;
+        goto PCRE_ERROR_RETURN;
+        }
       }
-    while (*ptr != 0 && *ptr != ']');
+    while (*ptr != ']');
 
     /* Repeats for negated single chars are handled by the general code */
 
@@ -3011,6 +3017,12 @@ while ((c = *(++ptr)) != 0)
       /* Ordinary character or single-char escape */
 
       runlength++;
+
+      if ((const char *)ptr > pattern + pattern_length)
+        {
+        *errorptr = "internal error";
+        goto PCRE_ERROR_RETURN;
+        }
       }
 
     /* This "while" is the end of the "do" above. */