Fix minor memory check bug in pcre2test

PhilipHazel · PhilipHazel · commit 69d6b2461553 · 2023-01-25T09:37:30.000Z
diff --git a/ChangeLog b/ChangeLog
@@ -33,6 +33,9 @@ milliseconds to microseconds. This is more useful for modern CPUs.
 7. Applied PR #193, which makes the requirement for C99 explicit in 
 configure.ac and CMakeLists.txt.
 
+8. Fixed a bug in pcre2test when a ridiculously large string repeat required a 
+stupid amount of memory. It now gives a clean realloc() failure error.
+
 
 Version 10.42 11-December-2022
 ------------------------------
diff --git a/src/pcre2test.c b/src/pcre2test.c
@@ -6839,11 +6839,15 @@ extended if replication is involved). */
 needlen = (size_t)((len+1) * code_unit_size);
 if (dbuffer == NULL || needlen >= dbuffer_size)
   {
-  while (needlen >= dbuffer_size) dbuffer_size *= 2;
+  while (needlen >= dbuffer_size)
+    {
+    if (dbuffer_size < SIZE_MAX/2) dbuffer_size *= 2;
+      else dbuffer_size = needlen + 1;
+    }
   dbuffer = (uint8_t *)realloc(dbuffer, dbuffer_size);
   if (dbuffer == NULL)
     {
-    fprintf(stderr, "pcre2test: realloc(%d) failed\n", (int)dbuffer_size);
+    fprintf(stderr, "pcre2test: realloc(%" SIZ_FORM ") failed\n", dbuffer_size);
     exit(1);
     }
   }
@@ -6900,11 +6904,16 @@ while ((c = *p++) != 0)
       {
       size_t qoffset = CAST8VAR(q) - dbuffer;
       size_t rep_offset = start_rep - dbuffer;
-      while (needlen >= dbuffer_size) dbuffer_size *= 2;
+      while (needlen >= dbuffer_size)
+        {
+        if (dbuffer_size < SIZE_MAX/2) dbuffer_size *= 2;
+          else dbuffer_size = needlen + 1;
+        }
       dbuffer = (uint8_t *)realloc(dbuffer, dbuffer_size);
       if (dbuffer == NULL)
         {
-        fprintf(stderr, "pcre2test: realloc(%d) failed\n", (int)dbuffer_size);
+        fprintf(stderr, "pcre2test: realloc(%" SIZ_FORM ") failed\n",
+          dbuffer_size);
         exit(1);
         }
       SETCASTPTR(q, dbuffer + qoffset);

Original file line number	Diff line number	Diff line change
`@@ -6839,11 +6839,15 @@ extended if replication is involved). */`
`6839`	`6839`	`needlen = (size_t)((len+1) * code_unit_size);`
`6840`	`6840`	`if (dbuffer == NULL \|\| needlen >= dbuffer_size)`
`6841`	`6841`	`{`
`6842`		`- while (needlen >= dbuffer_size) dbuffer_size *= 2;`
	`6842`	`+ while (needlen >= dbuffer_size)`
	`6843`	`+ {`
	`6844`	`+ if (dbuffer_size < SIZE_MAX/2) dbuffer_size *= 2;`
	`6845`	`+ else dbuffer_size = needlen + 1;`
	`6846`	`+ }`
`6843`	`6847`	`dbuffer = (uint8_t *)realloc(dbuffer, dbuffer_size);`
`6844`	`6848`	`if (dbuffer == NULL)`
`6845`	`6849`	`{`
`6846`		`- fprintf(stderr, "pcre2test: realloc(%d) failed\n", (int)dbuffer_size);`
	`6850`	`+ fprintf(stderr, "pcre2test: realloc(%" SIZ_FORM ") failed\n", dbuffer_size);`
`6847`	`6851`	`exit(1);`
`6848`	`6852`	`}`
`6849`	`6853`	`}`
`@@ -6900,11 +6904,16 @@ while ((c = *p++) != 0)`
`6900`	`6904`	`{`
`6901`	`6905`	`size_t qoffset = CAST8VAR(q) - dbuffer;`
`6902`	`6906`	`size_t rep_offset = start_rep - dbuffer;`
`6903`		`- while (needlen >= dbuffer_size) dbuffer_size *= 2;`
	`6907`	`+ while (needlen >= dbuffer_size)`
	`6908`	`+ {`
	`6909`	`+ if (dbuffer_size < SIZE_MAX/2) dbuffer_size *= 2;`
	`6910`	`+ else dbuffer_size = needlen + 1;`
	`6911`	`+ }`
`6904`	`6912`	`dbuffer = (uint8_t *)realloc(dbuffer, dbuffer_size);`
`6905`	`6913`	`if (dbuffer == NULL)`
`6906`	`6914`	`{`
`6907`		`- fprintf(stderr, "pcre2test: realloc(%d) failed\n", (int)dbuffer_size);`
	`6915`	`+ fprintf(stderr, "pcre2test: realloc(%" SIZ_FORM ") failed\n",`
	`6916`	`+ dbuffer_size);`
`6908`	`6917`	`exit(1);`
`6909`	`6918`	`}`
`6910`	`6919`	`SETCASTPTR(q, dbuffer + qoffset);`