current/SOURCES/pcre-8.35-Do-not-rely-on-wrapping-signed-integer-while-parsein.patch

From a05e11ff3a663c06e0a30dfa86aa7ed4544a6008 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 11 Apr 2014 13:41:13 +0200
Subject: [PATCH] Do not rely on wrapping signed integer while parseing
 {min,max}
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed integer overflow is not defined in C language. GCC 4.9 bails
out here.

Signed-off-by: Petr Písař <ppisar@redhat.com>
---
 pcre_compile.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/pcre_compile.c b/pcre_compile.c
index 8a5b723..ce65058 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -1586,11 +1586,15 @@ int max = -1;
 /* Read the minimum value and do a paranoid check: a negative value indicates
 an integer overflow. */
 
-while (IS_DIGIT(*p)) min = min * 10 + (int)(*p++ - CHAR_0);
-if (min < 0 || min > 65535)
+while (IS_DIGIT(*p))
   {
-  *errorcodeptr = ERR5;
-  return p;
+  min = min * 10 + (int)(*p++ - CHAR_0);
+  if (min > 65535)
+    {
+    *errorcodeptr = ERR5;
+    while (*p != CHAR_RIGHT_CURLY_BRACKET) p++;
+    return p;
+    }
   }
 
 /* Read the maximum value if there is one, and again do a paranoid on its size.
@@ -1601,11 +1605,15 @@ if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
   if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
     {
     max = 0;
-    while(IS_DIGIT(*p)) max = max * 10 + (int)(*p++ - CHAR_0);
-    if (max < 0 || max > 65535)
+    while(IS_DIGIT(*p))
       {
-      *errorcodeptr = ERR5;
-      return p;
+      max = max * 10 + (int)(*p++ - CHAR_0);
+      if (max > 65535)
+        {
+        *errorcodeptr = ERR5;
+        while (*p != CHAR_RIGHT_CURLY_BRACKET) p++;
+        return p;
+        }
       }
     if (max < min)
       {
-- 
1.9.0

1	From a05e11ff3a663c06e0a30dfa86aa7ed4544a6008 Mon Sep 17 00:00:00 2001
2	From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
3	Date: Fri, 11 Apr 2014 13:41:13 +0200
4	Subject: [PATCH] Do not rely on wrapping signed integer while parseing
5	{min,max}
6	MIME-Version: 1.0
7	Content-Type: text/plain; charset=UTF-8
8	Content-Transfer-Encoding: 8bit
9
10	Signed integer overflow is not defined in C language. GCC 4.9 bails
11	out here.
12
13	Signed-off-by: Petr Písař <ppisar@redhat.com>
14	---
15	pcre_compile.c \| 24 ++++++++++++++++--------
16	1 file changed, 16 insertions(+), 8 deletions(-)
17
18	diff --git a/pcre_compile.c b/pcre_compile.c
19	index 8a5b723..ce65058 100644
20	--- a/pcre_compile.c
21	+++ b/pcre_compile.c
22	@@ -1586,11 +1586,15 @@ int max = -1;
23	/* Read the minimum value and do a paranoid check: a negative value indicates
24	an integer overflow. */
25
26	-while (IS_DIGIT(p)) min = min 10 + (int)(*p++ - CHAR_0);
27	-if (min < 0 \|\| min > 65535)
28	+while (IS_DIGIT(*p))
29	{
30	- *errorcodeptr = ERR5;
31	- return p;
32	+ min = min * 10 + (int)(*p++ - CHAR_0);
33	+ if (min > 65535)
34	+ {
35	+ *errorcodeptr = ERR5;
36	+ while (*p != CHAR_RIGHT_CURLY_BRACKET) p++;
37	+ return p;
38	+ }
39	}
40
41	/* Read the maximum value if there is one, and again do a paranoid on its size.
42	@@ -1601,11 +1605,15 @@ if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
43	if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
44	{
45	max = 0;
46	- while(IS_DIGIT(p)) max = max 10 + (int)(*p++ - CHAR_0);
47	- if (max < 0 \|\| max > 65535)
48	+ while(IS_DIGIT(*p))
49	{
50	- *errorcodeptr = ERR5;
51	- return p;
52	+ max = max * 10 + (int)(*p++ - CHAR_0);
53	+ if (max > 65535)
54	+ {
55	+ *errorcodeptr = ERR5;
56	+ while (*p != CHAR_RIGHT_CURLY_BRACKET) p++;
57	+ return p;
58	+ }
59	}
60	if (max < min)
61	{
62	--
63	1.9.0
64