| From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001 |
| From: "K.Kosako" <kosako@sofnec.co.jp> |
| Date: Tue, 23 May 2017 10:28:58 +0900 |
| Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access |
| |
| --- |
| regexec.c | 5 ----- |
| 1 file changed, 5 deletions(-) |
| |
| --- end of original header |
| |
| CVE: CVE-2017-9224 |
| |
| Context modified so that patch applies for version 2.4.1. |
| |
| Upstream-Status: Pending |
| Signed-off-by: Joe Slater <joe.slater@windriver.com> |
| |
| |
| diff --git a/regexec.c b/regexec.c |
| index 35fef11..d4e577d 100644 |
| --- a/regexec.c |
| +++ b/regexec.c |
| @@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end, |
| NEXT; |
| |
| CASE(OP_EXACT1) MOP_IN(OP_EXACT1); |
| -#if 0 |
| DATA_ENSURE(1); |
| if (*p != *s) goto fail; |
| p++; s++; |
| -#endif |
| - if (*p != *s++) goto fail; |
| - DATA_ENSURE(0); |
| - p++; |
| MOP_OUT; |
| break; |
| |
| -- |
| 1.7.9.5 |
| |