X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=pcrs.c;h=156ae9882d1a64b4c72036849ee4bcd8a4926158;hp=d90b87c4e06ba51da8206e30ee57df5dae69230a;hb=a6c770e7339eb610644e51019d1872fbc7ce5e77;hpb=26cfec65118d8c0ea77df6982eb7454856cdae98

diff --git a/pcrs.c b/pcrs.c
index d90b87c4..156ae988 100644
--- a/pcrs.c
+++ b/pcrs.c
@@ -1,4 +1,4 @@
-const char pcrs_rcs[] = "$Id: pcrs.c,v 1.45 2014/10/18 11:27:04 fabiankeil Exp $";
+const char pcrs_rcs[] = "$Id: pcrs.c,v 1.47 2015/01/24 16:40:59 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/pcrs.c,v $
@@ -80,6 +80,8 @@ static int              is_hex_sequence(const char *sequence);
  *********************************************************************/
 const char *pcrs_strerror(const int error)
 {
+   static char buf[100];
+
    if (error != 0)
    {
       switch (error)
@@ -119,7 +121,11 @@ const char *pcrs_strerror(const int error)
           * version. If Privoxy is linked against a newer
           * PCRE version all bets are off ...
           */
-         default:  return "Unknown error. Privoxy out of sync with PCRE?";
+         default:
+            snprintf(buf, sizeof(buf),
+               "Error code %d. For details, check the pcre documentation.",
+               error);
+            return buf;
       }
    }
    /* error >= 0: No error */
@@ -319,6 +325,13 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr
          if (replacement[i] == '$' && !quoted && i < (int)(length - 1))
          {
             char *symbol, symbols[] = "'`+&";
+            if (l >= PCRS_MAX_SUBMATCHES)
+            {
+               freez(text);
+               freez(r);
+               *errptr = PCRS_WARN_BADREF;
+               return NULL;
+            }
             r->block_length[l] = (size_t)(k - r->block_offset[l]);
 
             /* Numerical backreferences */
@@ -330,7 +343,10 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr
                }
                if (r->backref[l] > capturecount)
                {
+                  freez(text);
+                  freez(r);
                   *errptr = PCRS_WARN_BADREF;
+                  return NULL;
                }
             }
 
@@ -360,14 +376,17 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr
             }
 
             /* Valid and in range? -> record */
-            if (r->backref[l] < PCRS_MAX_SUBMATCHES + 2)
+            if (0 <= r->backref[l] && r->backref[l] < PCRS_MAX_SUBMATCHES + 2)
             {
                r->backref_count[r->backref[l]] += 1;
                r->block_offset[++l] = k;
             }
             else
             {
+               freez(text);
+               freez(r);
                *errptr = PCRS_WARN_BADREF;
+               return NULL;
             }
             continue;
          }