From 3295b48defa0f8570114877b063fe546dd348b3c Mon Sep 17 00:00:00 2001 From: Karl Williamson Date: Thu, 20 Feb 2020 17:49:36 +0000 Subject: [PATCH] regcomp: use long jumps if there is any possibility of overflow (CVE-2020-10878) Be conservative for backporting, we'll aim to do something more aggressive for bleadperl. (cherry picked from commit 9d7759db46f3b31b1d3f79c44266b6ba42a47fc6) Upstream-Status: Backport [https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c] CVE: CVE-2020-10878 Signed-off-by: Lee Chee Yang --- regcomp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/regcomp.c b/regcomp.c index 4ba2980db66..73c35a67020 100644 --- a/regcomp.c +++ b/regcomp.c @@ -7762,6 +7762,13 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count, /* We have that number in RExC_npar */ RExC_total_parens = RExC_npar; + + /* XXX For backporting, use long jumps if there is any possibility of + * overflow */ + if (RExC_size > U16_MAX && ! RExC_use_BRANCHJ) { + RExC_use_BRANCHJ = TRUE; + flags |= RESTART_PARSE; + } } else if (! MUST_RESTART(flags)) { ReREFCNT_dec(Rx);
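Review bot: The new comment in the `Perl_re_op_compile` hunk says "any possibility of overflow" without naming what overflows or why `U16_MAX` is the bound. State in the comment which offset the `RExC_size > U16_MAX` comparison protects and the unit `RExC_size` is counted in, so a later reader can check that the threshold really is conservative. The `! RExC_use_BRANCHJ` guard is what stops `RESTART_PARSE` from being requested again once long jumps are enabled, and that deserves a word in the comment as well. The diffstat shows only `regcomp.c` changed (7 insertions), so consider adding a regression test with a pattern large enough to take this branch.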