Want more timely Centmin Mod News Updates?
Become a Member

CentOS 7 Beta Branch update pcre 8.37 for centmin mod .08 beta

Discussion in 'Centmin Mod Github Commits' started by eva2000, May 5, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    54,384
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    11:07 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  2. eva2000

    eva2000 Administrator Staff Member

    54,384
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    11:07 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Pcre 8.37 change log http://pcre.org/original/changelog.txt
    Code:
    ChangeLog for PCRE
    ------------------
    
    Version 8.37 28-April-2015
    --------------------------
    
    1.  When an (*ACCEPT) is triggered inside capturing parentheses, it arranges
        for those parentheses to be closed with whatever has been captured so far.
        However, it was failing to mark any other groups between the hightest
        capture so far and the currrent group as "unset". Thus, the ovector for
        those groups contained whatever was previously there. An example is the
        pattern /(x)|((*ACCEPT))/ when matched against "abcd".
    
    2.  If an assertion condition was quantified with a minimum of zero (an odd
        thing to do, but it happened), SIGSEGV or other misbehaviour could occur.
    
    3.  If a pattern in pcretest input had the P (POSIX) modifier followed by an
        unrecognized modifier, a crash could occur.
    
    4.  An attempt to do global matching in pcretest with a zero-length ovector
        caused a crash.
    
    5.  Fixed a memory leak during matching that could occur for a subpattern
        subroutine call (recursive or otherwise) if the number of captured groups
        that had to be saved was greater than ten.
    
    6.  Catch a bad opcode during auto-possessification after compiling a bad UTF
        string with NO_UTF_CHECK. This is a tidyup, not a bug fix, as passing bad
        UTF with NO_UTF_CHECK is documented as having an undefined outcome.
    
    7.  A UTF pattern containing a "not" match of a non-ASCII character and a
        subroutine reference could loop at compile time. Example: /[^\xff]((?1))/.
    
    8. When a pattern is compiled, it remembers the highest back reference so that
       when matching, if the ovector is too small, extra memory can be obtained to
       use instead. A conditional subpattern whose condition is a check on a
       capture having happened, such as, for example in the pattern
       /^(?:(a)|b)(?(1)A|B)/, is another kind of back reference, but it was not
       setting the highest backreference number. This mattered only if pcre_exec()
       was called with an ovector that was too small to hold the capture, and there
       was no other kind of back reference (a situation which is probably quite
       rare). The effect of the bug was that the condition was always treated as
       FALSE when the capture could not be consulted, leading to a incorrect
       behaviour by pcre_exec(). This bug has been fixed.
    
    9. A reference to a duplicated named group (either a back reference or a test
       for being set in a conditional) that occurred in a part of the pattern where
       PCRE_DUPNAMES was not set caused the amount of memory needed for the pattern
       to be incorrectly calculated, leading to overwriting.
    
    10. A mutually recursive set of back references such as (\2)(\1) caused a
        segfault at study time (while trying to find the minimum matching length).
        The infinite loop is now broken (with the minimum length unset, that is,
        zero).
    
    11. If an assertion that was used as a condition was quantified with a minimum
        of zero, matching went wrong. In particular, if the whole group had
        unlimited repetition and could match an empty string, a segfault was
        likely. The pattern (?(?=0)?)+ is an example that caused this. Perl allows
        assertions to be quantified, but not if they are being used as conditions,
        so the above pattern is faulted by Perl. PCRE has now been changed so that
        it also rejects such patterns.
    
    12. A possessive capturing group such as (a)*+ with a minimum repeat of zero
        failed to allow the zero-repeat case if pcre2_exec() was called with an
        ovector too small to capture the group.
    
    13. Fixed two bugs in pcretest that were discovered by fuzzing and reported by
        Red Hat Product Security:
    
        (a) A crash if /K and /F were both set with the option to save the compiled
        pattern.
    
        (b) Another crash if the option to print captured substrings in a callout
        was combined with setting a null ovector, for example \O\C+ as a subject
        string.
    
    14. A pattern such as "((?2){0,1999}())?", which has a group containing a
        forward reference repeated a large (but limited) number of times within a
        repeated outer group that has a zero minimum quantifier, caused incorrect
        code to be compiled, leading to the error "internal error:
        previously-checked referenced subpattern not found" when an incorrect
        memory address was read. This bug was reported as "heap overflow",
        discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number
        CVE-2015-2325.
    
    23. A pattern such as "((?+1)(\1))/" containing a forward reference subroutine
        call within a group that also contained a recursive back reference caused
        incorrect code to be compiled. This bug was reported as "heap overflow",
        discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE
        number CVE-2015-2326.
    
    24. Computing the size of the JIT read-only data in advance has been a source
        of various issues, and new ones are still appear unfortunately. To fix
        existing and future issues, size computation is eliminated from the code,
        and replaced by on-demand memory allocation.
    
    25. A pattern such as /(?i)[A-`]/, where characters in the other case are
        adjacent to the end of the range, and the range contained characters with
        more than one other case, caused incorrect behaviour when compiled in UTF
        mode. In that example, the range a-j was left out of the class.
    
    26. Fix JIT compilation of conditional blocks, which assertion
        is converted to (*FAIL). E.g: /(?(?!))/.
    
    27. The pattern /(?(?!)^)/ caused references to random memory. This bug was
        discovered by the LLVM fuzzer.
    
    28. The assertion (?!) is optimized to (*FAIL). This was not handled correctly
        when this assertion was used as a condition, for example (?(?!)a|b). In
        pcre2_match() it worked by luck; in pcre2_dfa_match() it gave an incorrect
        error about an unsupported item.
    
    29. For some types of pattern, for example /Z*(|d*){216}/, the auto-
        possessification code could take exponential time to complete. A recursion
        depth limit of 1000 has been imposed to limit the resources used by this
        optimization.
    
    30. A pattern such as /(*UTF)[\S\V\H]/, which contains a negated special class
        such as \S in non-UCP mode, explicit wide characters (> 255) can be ignored
        because \S ensures they are all in the class. The code for doing this was
        interacting badly with the code for computing the amount of space needed to
        compile the pattern, leading to a buffer overflow. This bug was discovered
        by the LLVM fuzzer.
    
    31. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
        other kinds of group caused stack overflow at compile time. This bug was
        discovered by the LLVM fuzzer.
    
    32. A pattern such as /(?1)(?#?'){8}(a)/ which had a parenthesized comment
        between a subroutine call and its quantifier was incorrectly compiled,
        leading to buffer overflow or other errors. This bug was discovered by the
        LLVM fuzzer.
    
    33. The illegal pattern /(?(?<E>.*!.*)?)/ was not being diagnosed as missing an
        assertion after (?(. The code was failing to check the character after
        (?(?< for the ! or = that would indicate a lookbehind assertion. This bug
        was discovered by the LLVM fuzzer.
    
    34. A pattern such as /X((?2)()*+){2}+/ which has a possessive quantifier with
        a fixed maximum following a group that contains a subroutine reference was
        incorrectly compiled and could trigger buffer overflow. This bug was
        discovered by the LLVM fuzzer.
    
    35. A mutual recursion within a lookbehind assertion such as (?<=((?2))((?1)))
        caused a stack overflow instead of the diagnosis of a non-fixed length
        lookbehind assertion. This bug was discovered by the LLVM fuzzer.
    
    36. The use of \K in a positive lookbehind assertion in a non-anchored pattern
        (e.g. /(?<=\Ka)/) could make pcregrep loop.
    
    37. There was a similar problem to 36 in pcretest for global matches.
    
    38. If a greedy quantified \X was preceded by \C in UTF mode (e.g. \C\X*),
        and a subsequent item in the pattern caused a non-match, backtracking over
        the repeated \X did not stop, but carried on past the start of the subject,
        causing reference to random memory and/or a segfault. There were also some
        other cases where backtracking after \C could crash. This set of bugs was
        discovered by the LLVM fuzzer.
    
    39. The function for finding the minimum length of a matching string could take
        a very long time if mutual recursion was present many times in a pattern,
        for example, /((?2){73}(?2))((?1))/. A better mutual recursion detection
        method has been implemented. This infelicity was discovered by the LLVM
        fuzzer.
    
    40. Static linking against the PCRE library using the pkg-config module was
        failing on missing pthread symbols.