From 4f0fc8f07d1deac8984ce825a76db6c6e92e7a7a Mon Sep 17 00:00:00 2001
From: DongHun Kwak
Date: Mon, 4 Sep 2017 18:05:54 +0900
Subject: Security Patch [CVE-2017-9729]
- https://nvd.nist.gov/vuln/detail/CVE-2017-11164 - https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=markup In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression [Model] All [BinType] AP [Customer] OPEN [Issue#] N/A [Request] N/A [Occurrence Version] N/A [Problem] Security patch [Cause & Measure] Security patch [Checking Method] N/A [Team] Open Source Management and Setting Part [Developer] dh0128.kwak [Solution company] Samsung [Change Type] N/A
Change-Id: I28e0eb8a830a8f483f7ebc80e7d8c9516ce8f38d
Signed-off-by: DongHun Kwak
---
 pcre_exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pcre_exec.c b/pcre_exec.c
index 24b23ca..1a9bdd5 100644
--- a/pcre_exec.c
+++ b/pcre_exec.c
@@ -669,7 +669,7 @@ if (ecode == NULL)
 return match((PCRE_PUCHAR)&rdepth, NULL, NULL, 0, NULL, NULL, 1);
 else
 {
- int len = (char *)&rdepth - (char *)eptr;
+ int len = (int)((char *)&rdepth - (char *)eptr);
 return (len > 0)? -len : len;
 }
 }
-- 
cgit v1.2.3
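Review bot: The `(int)` cast added on the `int len` line only makes explicit a narrowing that the assignment already performed, so as far as this hunk shows the value returned and the recursion depth of `match()` are unchanged; it reads as a conversion-warning fix rather than a bound on the OP_KETRMAX recursion the message describes. Code that matches untrusted patterns or subjects should still cap depth through `match_limit_recursion` in `pcre_extra` (with `PCRE_EXTRA_MATCH_LIMIT_RECURSION` set) and handle `PCRE_ERROR_RECURSIONLIMIT`. I would add a comment above the line, for example `/* pointer difference between the two rdepth frames, narrowed to int on purpose */`, so the cast is not later mistaken for the mitigation. The subject cites CVE-2017-9729 while the linked NVD entry and the description are for CVE-2017-11164, so the tracking record should name the identifier that actually applies. The enclosing `if (ecode == NULL)` block begins outside the hunk.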