From eb42305f072549facb3293f392f25768f35fa218 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= Date: Fri, 19 Nov 2021 00:23:46 -0800 Subject: [PATCH] jit: avoid integer wraparound in stack size definition (#42) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit pcre2_jit_stack_create() allows the user to indicate how big of a stack size JIT should be able to allocate and use, using a size_t variable which should be able to hold bigger values than reasonable. Internally, the value is rounded to the next 8K, but if the value is unreasonably large, it would overflow and could result in a smaller than expected stack or a maximum size that is smaller than the minimum. Avoid the overflow by checking the value and failing early, and while at it make the check clearer while documenting the failure mode. Signed-off-by: Carlo Marcelo Arenas Belón --- doc/pcre2_jit_stack_create.3 | 3 ++- src/pcre2_jit_misc.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/pcre2_jit_stack_create.3 b/doc/pcre2_jit_stack_create.3 index f0b29f0dc..d332b72d7 100644 --- a/doc/pcre2_jit_stack_create.3 +++ b/doc/pcre2_jit_stack_create.3 @@ -22,7 +22,8 @@ allocation. The result can be passed to the JIT run-time code by calling \fBpcre2_jit_stack_assign()\fP to associate the stack with a compiled pattern, which can then be processed by \fBpcre2_match()\fP or \fBpcre2_jit_match()\fP. A maximum stack size of 512KiB to 1MiB should be more than enough for any -pattern. For more details, see the +pattern. If the stack couldn't be allocated or the values passed were not +reasonable, NULL will be returned. For more details, see the .\" HREF \fBpcre2jit\fP .\" diff --git a/src/pcre2_jit_misc.c b/src/pcre2_jit_misc.c index ec924e0f9..d532df962 100644 --- a/src/pcre2_jit_misc.c +++ b/src/pcre2_jit_misc.c 
@@ -135,7 +135,7 @@ return NULL; pcre2_jit_stack *jit_stack; -if (startsize < 1 || maxsize < 1) +if (startsize == 0 || maxsize == 0 || maxsize > PCRE2_SIZE_MAX - STACK_GROWTH_RATE) return NULL; if (startsize > maxsize) startsize = maxsize;
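Review bot: in the doc/pcre2_jit_stack_create.3 hunk, the added sentence "If the stack couldn't be allocated or the values passed were not reasonable, NULL will be returned." leaves "not reasonable" undefined, so a reader of the man page cannot tell which inputs are rejected; spell out the conditions the code hunk actually checks, i.e. that NULL is returned when \fIstartsize\fP or \fImaxsize\fP is zero, when \fImaxsize\fP is so large that rounding it up to the stack growth unit would overflow, or when the memory cannot be allocated. Prefer "cannot be allocated" and "is returned" over the contraction and the future tense, matching the declarative style of the surrounding paragraph.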
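Review bot: in the src/pcre2_jit_misc.c hunk, the new bound `maxsize > PCRE2_SIZE_MAX - STACK_GROWTH_RATE` is only sufficient if the rounding performed later adds at most STACK_GROWTH_RATE to maxsize, and that rounding expression is not visible in this hunk; add a one-line comment next to the check saying which rounding it protects (for example `/* rounding up to STACK_GROWTH_RATE below must not wrap */`) so the two stay in sync if either the growth unit or the rounding changes. startsize needs no separate bound because the unchanged context line `if (startsize > maxsize) startsize = maxsize;` clamps it to the already-validated maxsize. The change from `< 1` to `== 0` is the right form for an unsigned size_t and is the "make the check clearer" part of the commit message, so it is worth naming as such in the message.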