From 317f3399a16f29730cc5617047c3003e5c202477 Mon Sep 17 00:00:00 2001 From: Alex Dowad Date: Wed, 4 Sep 2024 19:59:24 +0900 Subject: [PATCH] Use assertion to ensure erroroffset return from pcre2_compile is within bounds (#460) When testing a patch for PCRE2, I found that due to a bug in my code, `pcre2_compile()` could return a totally invalid error offset. In case something similar ever happens again, I've added an assertion which will make it easier to notice the problem. It should be noted that the pcre2api manpage states: "Some errors are not detected until the whole pattern has been scanned; in these cases, the offset passed back is the length of the pattern." Since patterns are not always null-terminated, this means that `pattern + erroroffset` may sometimes point to uninitialized (or even unmapped) memory. However, it is still worthwhile to guard against other unexpected values being returned in `erroroffset`. --- src/pcre2_compile.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c index 7f0123b57..0fce79c0a 100644 --- a/src/pcre2_compile.c +++ b/src/pcre2_compile.c @@ -11201,6 +11201,8 @@ an offset is available in the parsed pattern. */ ptr = pattern + cb.erroroffset; HAD_EARLY_ERROR: +PCRE2_ASSERT(ptr >= pattern); /* Ensure we don't return invalid erroroffset */ +PCRE2_ASSERT(ptr <= (pattern + patlen)); *erroroffset = ptr - pattern; HAD_ERROR:
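Review bot: The `<=` in the second assertion is the subtle part of this hunk (it deliberately admits `erroroffset == patlen`, the "length of the pattern" case the pcre2api text quoted in the commit message describes), yet the only comment sits on the first, obvious `ptr >= pattern` check. Move the comment so it covers both lines and says why the upper bound is inclusive, e.g. `/* erroroffset must lie within the pattern; == patlen is valid (see pcre2api) */`, so a later reader does not "tighten" it to `<`. Two things to confirm before merging: that every jump to `HAD_EARLY_ERROR` has `ptr` set, since the check now reads it unconditionally, and that `patlen` at this point already holds the computed length rather than the zero-terminated sentinel a caller may pass (the commit message notes patterns are not always null-terminated), otherwise `pattern + patlen` is not a meaningful bound.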