path: root/lang/python21/patches/patch-bf
blob: bfc7f1ab269c083026a9dadf20d2d5875d851b98 (plain)
$NetBSD: patch-bf,v 1.1 2005/11/01 21:49:31 adrianp Exp $

--- Modules/pypcre.c.orig	2000-08-02 14:41:18.000000000 +0100
+++ Modules/pypcre.c
@@ -1162,14 +1162,31 @@ read_repeat_counts(const uschar *p, int 
 int min = 0;
 int max = -1;
 
+/* Read the minimum value and do a paranoid check: a negative value indicates
+an integer overflow. */
+
 while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
 
+if (min < 0 || min > 65535)
+  {
+  *errorptr = ERR5;
+  return p;
+  }
+
+/* Read the maximum value if there is one, and again do a paranoid on its size
+. Also, max must not be less than min. */
+
 if (*p == '}') max = min; else
   {
   if (*(++p) != '}')
     {
     max = 0;
     while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
+    if (max < 0 || max > 65535)
+      {
+      *errorptr = ERR5;
+      return p;
+      }
     if (max < min)
       {
       *errorptr = ERR4;
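Review bot: The range checks added after each digit loop run only once the whole number has been accumulated, so `min = min * 10 + *p++ - '0'` can still overflow a signed int (undefined behaviour), and on builds where that wraps, a long enough digit run can land back inside 0..65535 and pass the test. Bounding inside the loop closes that gap: give the loop a braced body and add `if (min > 65535) { *errorptr = ERR5; return p; }` right after the multiply-add, then do the same for `max` in the second loop. The added comment's "a negative value indicates an integer overflow" should be reworded accordingly, since a negative result is only one possible outcome of the overflow. read_repeat_counts starts before this hunk and continues past it.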
@@ -2266,6 +2283,7 @@ int c, size;
 int bracount = 0;
 int brastack[200];
 int top_backref = 0;
+BOOL capturing;
 unsigned int brastackptr = 0;
 uschar *code;
 const uschar *ptr;
@@ -2445,7 +2463,8 @@ while ((c = *(++ptr)) != 0)
     /* Brackets may be genuine groups or special things */
 
     case '(':
-
+    capturing = FALSE;
+    
     /* Handle special forms of bracket, which all start (? */
 
     if (ptr[1] == '?') switch (c = ptr[2])
@@ -2541,11 +2560,16 @@ while ((c = *(++ptr)) != 0)
         }
       continue;                      /* End of this bracket handling */
       }
+    
+    /* Ordinary parentheses, not followed by '?', are capturing unless
+    PCRE_NO_AUTO_CAPTURE is set. */
 
+    else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;
+    
     /* Extracting brackets must be counted so we can process escapes in a
     Perlish way. */
-
-    else bracount++;
+    
+    if (capturing) bracount++;
 
     /* Non-special forms of bracket. Save length for computing whole length
     at end if there's a repeat that requires duplication of the group. */
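Review bot: The added `else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;` makes the bracket count in this pass depend on an option bit that none of the four hunks in this patch defines or tests anywhere else. Confirm that PCRE_NO_AUTO_CAPTURE exists in this tree's header and that the pass which emits the compiled code applies the same test. If the two passes disagree about which parentheses capture, the count used here (per the existing comment, for processing escapes) would presumably no longer match the groups actually compiled. The `else` pairs with `if (ptr[1] == '?') switch ...` from the previous hunk, so `(?` forms that leave the switch without `continue` rely on the `capturing = FALSE;` reset at `case '('`. A short comment at that reset, such as `/* (? forms never capture; plain parentheses set this below */`, would make the dependency visible. The enclosing function starts and ends outside these hunks.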