diff options
Diffstat (limited to 'pkgs/development/libraries/pcre/CVE-2016-1283.patch')
| -rw-r--r-- | pkgs/development/libraries/pcre/CVE-2016-1283.patch | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/pkgs/development/libraries/pcre/CVE-2016-1283.patch b/pkgs/development/libraries/pcre/CVE-2016-1283.patch new file mode 100644 index 00000000000..2c2dad29e92 --- /dev/null +++ b/pkgs/development/libraries/pcre/CVE-2016-1283.patch @@ -0,0 +1,18 @@ +Index: pcre_compile.c +=================================================================== +--- a/pcre_compile.c (revision 1635) ++++ b/pcre_compile.c (revision 1636) +@@ -7311,7 +7311,12 @@ + so far in order to get the number. If the name is not found, leave + the value of recno as 0 for a forward reference. */ + +- else ++ /* This patch (removing "else") fixes a problem when a reference is ++ to multiple identically named nested groups from within the nest. ++ Once again, it is not the "proper" fix, and it results in an ++ over-allocation of memory. */ ++ ++ /* else */ + { + ng = cd->named_groups; + for (i = 0; i < cd->names_found; i++, ng++) |