Skip to content

Commit ab61d5c

Browse files
nikicnikic
committed
Backport fix for uaf during pcre jit fallback
Backports parts of https://vcs.pcre.org/pcre2?view=revision&revision=1175 fixing https://bugs.exim.org/show_bug.cgi?id=2453.
1 parent 3322c78 commit ab61d5c

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

ext/pcre/pcre2lib/pcre2_jit_compile.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12321,7 +12321,7 @@ if (SLJIT_UNLIKELY(sljit_get_compiler_error(compiler)))
1232112321
sljit_free_compiler(compiler);
1232212322
SLJIT_FREE(common->optimized_cbracket, allocator_data);
1232312323
SLJIT_FREE(common->private_data_ptrs, allocator_data);
12324-
PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
12324+
PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
1232512325
return PCRE2_ERROR_NOMEMORY;
1232612326
}
1232712327

@@ -12375,7 +12375,7 @@ if (SLJIT_UNLIKELY(sljit_get_compiler_error(compiler)))
1237512375
sljit_free_compiler(compiler);
1237612376
SLJIT_FREE(common->optimized_cbracket, allocator_data);
1237712377
SLJIT_FREE(common->private_data_ptrs, allocator_data);
12378-
PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
12378+
PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
1237912379
return PCRE2_ERROR_NOMEMORY;
1238012380
}
1238112381

@@ -12464,7 +12464,7 @@ while (common->currententry != NULL)
1246412464
sljit_free_compiler(compiler);
1246512465
SLJIT_FREE(common->optimized_cbracket, allocator_data);
1246612466
SLJIT_FREE(common->private_data_ptrs, allocator_data);
12467-
PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
12467+
PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
1246812468
return PCRE2_ERROR_NOMEMORY;
1246912469
}
1247012470
flush_stubs(common);
@@ -12589,7 +12589,7 @@ while (label_addr != NULL)
1258912589
sljit_free_compiler(compiler);
1259012590
if (executable_func == NULL)
1259112591
{
12592-
PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
12592+
PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
1259312593
return PCRE2_ERROR_NOMEMORY;
1259412594
}
1259512595

@@ -12604,7 +12604,7 @@ else
1260412604
/* This case is highly unlikely since we just recently
1260512605
freed a lot of memory. Not impossible though. */
1260612606
sljit_free_code(executable_func);
12607-
PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
12607+
PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
1260812608
return PCRE2_ERROR_NOMEMORY;
1260912609
}
1261012610
memset(functions, 0, sizeof(executable_functions));

0 commit comments

Comments
 (0)