path: root/meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch
blob: 75bdfada57ebcc5e4c1e51715fd1cc52f790e011 (plain)
commit b690371bbf97794b4a1d3f295d4fb9a8b05d402d
Author: K.Kosako <kosako@sofnec.co.jp>
Date:   Wed May 24 10:27:04 2017 +0900

    fix #59 : access to invalid address by reg->dmax value

Upstream-Status: Backport

CVE: CVE-2017-9229
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>

Index: ruby-2.2.5/regexec.c
===================================================================
--- ruby-2.2.5.orig/regexec.c	2017-09-13 12:17:08.429254209 +0530
+++ ruby-2.2.5/regexec.c	2017-09-13 12:24:03.365312311 +0530
@@ -3763,6 +3763,12 @@
     }
     else {
       if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+        if (p - str < reg->dmax) {
+          *low = (UChar* )str;
+          if (low_prev)
+            *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end);
+	}
+	else {
 	*low = p - reg->dmax;
 	if (*low > s) {
 	  *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
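Review bot: The new guard `if (p - str < reg->dmax)` compares a signed pointer difference against `reg->dmax`, whose type is not visible in this hunk; if it is the unsigned `OnigDistance`, the test is only correct while `p >= str`, and an explicit `(OnigDistance )(p - str)` cast would make that assumption visible. The branch also has no comment saying why it exists; a line such as `/* p - reg->dmax would fall before str: clamp *low to the start of the subject */` above it would record the out-of-bounds case being closed. In the clamped branch `*low` equals `str`, so the `onigenc_get_prev_char_head(reg->enc, str, *low, end)` call presumably has no previous character to return and could state that result directly. The body wrapped by the added `else {` keeps its old indentation and its closing brace is in the next hunk; the enclosing function starts and ends outside both hunks.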
@@ -3776,6 +3782,7 @@
 	    *low_prev = onigenc_get_prev_char_head(reg->enc,
 					       (pprev ? pprev : str), *low, end);
 	}
+	}
       }
     }
     /* no needs to adjust *high, *high is used as range check only */