kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

Prevent potential buffer overrun in onigmo

Browse source 
A code pattern `p + enclen(enc, p, pend)` may lead to a buffer overrun
if incomplete bytes of a UTF-8 character is placed at the end of a
string. Because this pattern is used in several places in onigmo,
this change fixes the issue in the side of `enclen`: the function should
not return a number that is larger than `pend - p`.

Co-Authored-By: Nobuyoshi Nakada <nobu@ruby-lang.org>
This commit is contained in:
Yusuke Endoh 2022-10-25 15:45:40 +09:00
parent 114e71d062
commit 1d2d25dcad
Notes: git 2022-10-25 08:03:04 +00:00 
Merged: https://github.com/ruby/ruby/pull/6628
3 changed files with 17 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/ruby/onigmo.h
View file

@ -356,9 +356,9 @@ int onigenc_ascii_only_case_map(OnigCaseFoldType* flagP, const OnigUChar** pp, c
#define ONIGENC_PRECISE_MBC_ENC_LEN(enc,p,e) (enc)->precise_mbc_enc_len(p,e,enc) #define ONIGENC_PRECISE_MBC_ENC_LEN(enc,p,e) (enc)->precise_mbc_enc_len(p,e,enc)
ONIG_EXTERN ONIG_EXTERN
int onigenc_mbclen_approximate(const OnigUChar* p,const OnigUChar* e, const struct OnigEncodingTypeST* enc); int onigenc_mbclen(const OnigUChar* p,const OnigUChar* e, const struct OnigEncodingTypeST* enc);
#define ONIGENC_MBC_ENC_LEN(enc,p,e) onigenc_mbclen_approximate(p,e,enc) #define ONIGENC_MBC_ENC_LEN(enc,p,e) onigenc_mbclen(p,e,enc)
#define ONIGENC_MBC_MAXLEN(enc) ((enc)->max_enc_len) #define ONIGENC_MBC_MAXLEN(enc) ((enc)->max_enc_len)
#define ONIGENC_MBC_MAXLEN_DIST(enc) ONIGENC_MBC_MAXLEN(enc) #define ONIGENC_MBC_MAXLEN_DIST(enc) ONIGENC_MBC_MAXLEN(enc)
#define ONIGENC_MBC_MINLEN(enc) ((enc)->min_enc_len) #define ONIGENC_MBC_MINLEN(enc) ((enc)->min_enc_len)

15
regenc.c
View file

@ -51,6 +51,21 @@ onigenc_set_default_encoding(OnigEncoding enc)
return 0; return 0;
} }
extern int
onigenc_mbclen(const OnigUChar* p,const OnigUChar* e, OnigEncoding enc)
{
int ret = ONIGENC_PRECISE_MBC_ENC_LEN(enc, p, e);
if (ONIGENC_MBCLEN_CHARFOUND_P(ret)) {
ret = ONIGENC_MBCLEN_CHARFOUND_LEN(ret);
if (ret > (int)(e - p)) ret = (int)(e - p); // just for case
return ret;
}
else if (ONIGENC_MBCLEN_NEEDMORE_P(ret)) {
return (int)(e - p);
}
return p < e ? 1 : 0;
}
extern int extern int
onigenc_mbclen_approximate(const OnigUChar* p,const OnigUChar* e, OnigEncoding enc) onigenc_mbclen_approximate(const OnigUChar* p,const OnigUChar* e, OnigEncoding enc)
{ {

1
regparse.c
View file

@ -3799,7 +3799,6 @@ fetch_token(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
} }
else { /* string */ else { /* string */
p = tok->backp + enclen(enc, tok->backp, end); p = tok->backp + enclen(enc, tok->backp, end);
if (p > end) return ONIGERR_END_PATTERN_AT_ESCAPE;
} }
} }
break; break;