oniguruma-XXX-CVE-2020-26159.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

From cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0 Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kkosako0@gmail.com>
Date: Mon, 21 Sep 2020 12:58:29 +0900
Subject: [PATCH] #207: Out-of-bounds write

---
 src/regcomp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/regcomp.c b/src/regcomp.c
index f6494b6d..a0a68561 100644
--- a/src/regcomp.c
+++ b/src/regcomp.c
@@ -6257,7 +6257,7 @@ concat_opt_exact_str(OptStr* to, UChar* s, UChar* end, OnigEncoding enc)
 
   for (i = to->len, p = s; p < end && i < OPT_EXACT_MAXLEN; ) {
     len = enclen(enc, p);
-    if (i + len > OPT_EXACT_MAXLEN) break;
+    if (i + len >= OPT_EXACT_MAXLEN) break;
     for (j = 0; j < len && p < end; j++)
       to->s[i++] = *p++;
   }