Bug 700429: Limit size of input regular expression program.

The size of the parsed syntax list could overflow. Allowing it to be
bigger than the compiled program makes no sense, so use the same size
limit when parsing as when compiling.
Tor Andersson
2019-01-02 16:01:32 +01:00
parent 93447649b5
commit 7f50591861

@@ -836,6 +836,8 @@ Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
if (!g.prog)
die(&g, "cannot allocate regular expression");
n = strlen(pattern) * 2;
if (n > MAXPROG)
die(&g, "program too large");
if (n > 0) {
g.pstart = g.pend = alloc(ctx, NULL, sizeof (Renode) * n);
if (!g.pstart)
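Review bot: The new `if (n > MAXPROG)` test runs only after `n = strlen(pattern) * 2;` has been computed and stored, so it checks a value that may already have wrapped or been truncated. The declaration of `n` is not visible in this hunk, but the allocator callback takes an `int n`, and if `n` is a signed int, a very long pattern could make it negative. A negative `n` passes this check and then fails `if (n > 0)`, which skips the allocation entirely. Consider bounding the length before the multiplication, for example by comparing `strlen(pattern)` against `MAXPROG / 2`, so the limit holds regardless of the type of `n`. It would also help to add a short comment stating that the `MAXPROG` bound is what keeps `sizeof (Renode) * n` within the range of the allocator's `int` size argument, since that is the overflow the commit message refers to.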