upstream patch fixing CVE-2020-14155

This checks the size of the number after (?C as it is read, in order to avoid integer overflow.
author: Matthew Vernon <matthew@debian.org> 2020-06-18 19:32:51 +0100
committer: Matthew Vernon <matthew@debian.org> 2020-06-18 19:32:51 +0100
commit: 7b88c83f87391950756256072f886a08c44ed78f (patch)
tree: 67786a8c81e26d1f535af8228fbf1d4629fb7652
parent: 2ff8807d4569f246376ced2ece2e36878fc99acb (diff)
1 files changed, 7 insertions, 5 deletions
diff --git a/pcre_compile.c b/pcre_compile.c
index 7cd3950..c742227 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7086,17 +7086,19 @@ for (;; ptr++)
           int n = 0;
           ptr++;
           while(IS_DIGIT(*ptr))
+            { 
             n = n * 10 + *ptr++ - CHAR_0;
+            if (n > 255)
+              {
+              *errorcodeptr = ERR38;
+              goto FAILED;
+              }
+            } 
           if (*ptr != CHAR_RIGHT_PARENTHESIS)
             {
             *errorcodeptr = ERR39;
             goto FAILED;
             }
-          if (n > 255)
-            {
-            *errorcodeptr = ERR38;
-            goto FAILED;
-            }
           *code++ = n;
           PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
           PUT(code, LINK_SIZE, 0);                          /* Default length */
author	Matthew Vernon <matthew@debian.org>	2020-06-18 19:32:51 +0100
committer	Matthew Vernon <matthew@debian.org>	2020-06-18 19:32:51 +0100
commit	7b88c83f87391950756256072f886a08c44ed78f (patch)
tree	67786a8c81e26d1f535af8228fbf1d4629fb7652
parent	2ff8807d4569f246376ced2ece2e36878fc99acb (diff)