From 13ad4296ea8ba66f5620288b2fd06315852e73ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= <mail@3v1n0.net>
Date: Tue, 6 Sep 2022 17:20:45 +0200
Subject: [PATCH] gregex: Fix a potential PCRE2 code leak on reallocation
 failures

In case recalc_match_offsets() failed we were just returning, but in
such case, per the documentation we should still set the match_info (if
provided) and free the pcre2 code instance.

So let's just break the loop we're in it, as if we we've no matches set.
This also avoids re-allocating the offsets array and potentially
accessing to unset data.
---
 glib/gregex.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/glib/gregex.c b/glib/gregex.c
index f2a5b5fd1c..6f3ee88122 100644
--- a/glib/gregex.c
+++ b/glib/gregex.c
@@ -2337,13 +2337,6 @@ g_regex_match_all_full (const GRegex *regex,
 info->match_data,
 info->match_context,
 info->workspace, info->n_workspace);
- 
- if (!recalc_match_offsets (info, error))
- {
- g_match_info_free (info);
- return FALSE;
- }
- 
 if (info->matches == PCRE2_ERROR_DFA_WSSIZE)
 {
 /* info->workspace is too small. */
@@ -2370,6 +2363,11 @@ g_regex_match_all_full (const GRegex *regex,
 _("Error while matching regular expression %s: %s"),
 regex->pattern, match_error (info->matches));
 }
+ else if (info->matches > 0)
+ {
+ if (!recalc_match_offsets (info, error))
+ info->matches = PCRE2_ERROR_NOMATCH;
+ }
 }
 
 pcre2_code_free (pcre_re);
-- 
GitLab

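Review bot: Mapping a recalc_match_offsets() failure onto PCRE2_ERROR_NOMATCH in the added `else if (info->matches > 0)` branch makes an internal offsets/allocation failure indistinguishable from a genuine non-match for any caller that inspects the match count rather than @error, so the branch deserves a comment stating why that is acceptable, e.g. `/* Offsets could not be recomputed: report it as no-match so the shared cleanup below still runs; the failure itself is reported via @error. */`. The cleanup that follows (`pcre2_code_free (pcre_re)` and whatever sets `*match_info` and the return value) lies outside this hunk, so I cannot confirm from here that the function returns FALSE whenever @error has been set; please make sure the return value and @error remain consistent, as callers treat them as coupled. Dropping the early return also means `info` now survives with whatever offsets a previous loop iteration left in it, which is presumably fine only because a negative `matches` stops consumers from reading them — worth verifying rather than assuming. The first hunk only removes the early return and needs no separate note; g_regex_match_all_full begins before and ends after this hunk.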