mirror of https://github.com/openbsd/src.git synced 2026-04-17 10:44:28 +00:00

Prevent integer overflow in regex repetition count

Limit the repetition count to 255 like POSIX does.  Also avoid a
crash when the repetition is the first atom parsed.

From Renaud Allard.
millert
2026-04-02 14:45:03 +00:00
parent 38cd3ff5d2
commit cb64dfb359


@@ -1,4 +1,4 @@
/* $OpenBSD: b.c,v 1.55 2025/02/05 20:32:56 millert Exp $ */
/* $OpenBSD: b.c,v 1.56 2026/04/02 14:45:03 millert Exp $ */
/****************************************************************
Copyright (C) Lucent Technologies 1997
All Rights Reserved
@@ -1214,6 +1214,9 @@ replace_repeat(const uschar *reptok, int reptoklen, const uschar *atom,
static int repeat(const uschar *reptok, int reptoklen, const uschar *atom,
int atomlen, int firstnum, int secondnum)
{
if (atom == NULL)
return 0;
/*
In general, the repetition specifier or "bound" is replaced here
by an equivalent ERE string, repeating the immediately previous atom
@@ -1461,6 +1464,9 @@ rescan:
lastre);
} else if (isdigit(c)) {
num = 10 * num + c - '0';
if (num > _POSIX_RE_DUP_MAX)
FATAL("repetition count %.20s too large",
lastre);
digitfound = true;
} else if (c == ',') {
if (commafound)
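Review bot: The new bound check in the `isdigit(c)` branch runs after `num = 10 * num + c - '0'`, so it prevents the overflow only on the assumption that FATAL does not return and `num` therefore never enters the multiply above `_POSIX_RE_DUP_MAX`; that invariant deserves a comment, for example `/* checked per digit: num <= _POSIX_RE_DUP_MAX on entry, so 10 * num + 9 cannot overflow */`. The cap limits each individual count, but nothing visible here limits the total size of the expanded ERE that repeat() builds from `atomlen` and the two counts, so the size arithmetic in repeat()'s body (outside the visible lines) is worth confirming for bounds applied to already-expanded atoms. The enclosing scan loop starts and ends outside the hunk, so whether `num` is reset after the comma cannot be checked from these lines.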