authorDongHun Kwak <dh0128.kwak@samsung.com>2017-09-04 18:05:54 +0900
committerDongHun Kwak <dh0128.kwak@samsung.com>2017-11-06 11:14:25 +0900
commit4f0fc8f07d1deac8984ce825a76db6c6e92e7a7a (patch)
treed38443651289b822ee9b747c5826ca4efa198fa5
parent1f3cd6093f2a0c20751f9ff98736dd9fe62f360a (diff)
- https://nvd.nist.gov/vuln/detail/CVE-2017-11164 - https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=markup In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression [Model] All [BinType] AP [Customer] OPEN [Issue#] N/A [Request] N/A [Occurrence Version] N/A [Problem] Security patch [Cause & Measure] Security patch [Checking Method] N/A [Team] Open Source Management and Setting Part [Developer] dh0128.kwak [Solution company] Samsung [Change Type] N/A Change-Id: I28e0eb8a830a8f483f7ebc80e7d8c9516ce8f38d Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
-rw-r--r--pcre_exec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/pcre_exec.c b/pcre_exec.c
index 24b23ca..1a9bdd5 100644
--- a/pcre_exec.c
+++ b/pcre_exec.c
@@ -669,7 +669,7 @@ if (ecode == NULL)
return match((PCRE_PUCHAR)&rdepth, NULL, NULL, 0, NULL, NULL, 1);
else
{
- int len = (char *)&rdepth - (char *)eptr;
+ int len = (int)((char *)&rdepth - (char *)eptr);
return (len > 0)? -len : len;
}
}
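Review bot: The new line `int len = (int)((char *)&rdepth - (char *)eptr);` only makes explicit the pointer-difference-to-`int` narrowing that the old line already did implicitly, so as far as this hunk shows the computed value and the recursion behaviour of `match()` are unchanged. The commit message presents this as the patch for CVE-2017-11164 (stack exhaustion through uncontrolled recursion), but nothing visible here bounds recursion depth. Anyone tracking that CVE should not count it as mitigated by this hunk alone, and should confirm that callers handling untrusted patterns set a recursion limit (for example `match_limit_recursion` in `pcre_extra`). I would also add a comment above the line, such as `/* Apparent stack-frame size estimate: &rdepth of this call minus the &rdepth passed in by the outer call; the cast only silences a narrowing warning. */`. The enclosing function begins and ends outside the hunk, so this reading of the `ecode == NULL` path is inferred from the visible lines only.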