Lines 2318-2324
if an "extended" flag setting appears la
Link Here
|
2318 |
clever for #-comments. */ |
2318 |
clever for #-comments. */ |
2319 |
|
2319 |
|
2320 |
ptr = (const uschar *)(pattern - 1); |
2320 |
ptr = (const uschar *)(pattern - 1); |
2321 |
while ((c = *(++ptr)) != 0) |
2321 |
while (((c = *(++ptr)) != 0) && (length > 0) && (length <= 65535)) |
2322 |
{ |
2322 |
{ |
2323 |
int min, max; |
2323 |
int min, max; |
2324 |
int class_charcount; |
2324 |
int class_charcount; |
Lines 2602-2609
while ((c = *(++ptr)) != 0)
Link Here
|
2602 |
to do before the first copy if the minimum is zero. */ |
2602 |
to do before the first copy if the minimum is zero. */ |
2603 |
|
2603 |
|
2604 |
if (minval == 0) length++; |
2604 |
if (minval == 0) length++; |
2605 |
else if (minval > 1) length += (minval - 1) * duplength; |
2605 |
else if (minval > 1) |
2606 |
if (maxval > minval) length += (maxval - minval) * (duplength + 1); |
2606 |
{ |
|
|
2607 |
size_t tmp = (minval - 1) * duplength; |
2608 |
|
2609 |
if (duplength != (tmp / (minval - 1))) |
2610 |
goto PCRE_OVER_FLOW_ERROR_RETURN; |
2611 |
length += tmp; |
2612 |
} |
2613 |
if (maxval > minval) |
2614 |
{ |
2615 |
size_t tmp = (maxval - minval) * (duplength + 1); |
2616 |
|
2617 |
if ((duplength + 1) != (tmp / (maxval - minval))) |
2618 |
goto PCRE_OVER_FLOW_ERROR_RETURN; |
2619 |
|
2620 |
length += tmp; |
2621 |
} |
2607 |
} |
2622 |
} |
2608 |
continue; |
2623 |
continue; |
2609 |
|
2624 |
|
Lines 2656-2669
while ((c = *(++ptr)) != 0)
Link Here
|
2656 |
} |
2671 |
} |
2657 |
} |
2672 |
} |
2658 |
|
2673 |
|
2659 |
length += 4; /* For final KET and END */ |
2674 |
if ((length > 65535) || (length < 3)) |
2660 |
|
|
|
2661 |
if (length > 65539) |
2662 |
{ |
2675 |
{ |
|
|
2676 |
PCRE_OVER_FLOW_ERROR_RETURN: |
2663 |
*errorptr = ERR20; |
2677 |
*errorptr = ERR20; |
2664 |
return NULL; |
2678 |
return NULL; |
2665 |
} |
2679 |
} |
2666 |
|
2680 |
|
|
|
2681 |
length += 4; /* For final KET and END */ |
2682 |
|
2667 |
/* Compute the size of data block needed and get it, either from malloc or |
2683 |
/* Compute the size of data block needed and get it, either from malloc or |
2668 |
externally provided function. We specify "code[0]" in the offsetof() expression |
2684 |
externally provided function. We specify "code[0]" in the offsetof() expression |
2669 |
rather than just "code", because it has been reported that one broken compiler |
2685 |
rather than just "code", because it has been reported that one broken compiler |