-const char pcrs_rcs[] = "$Id: pcrs.c,v 1.45 2014/10/18 11:27:04 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/pcrs.c,v $
#include "pcrs.h"
-const char pcrs_h_rcs[] = PCRS_H_VERSION;
-
/*
* Internal prototypes
*/
*********************************************************************/
const char *pcrs_strerror(const int error)
{
+ static char buf[100];
+
if (error != 0)
{
switch (error)
* version. If Privoxy is linked against a newer
* PCRE version all bets are off ...
*/
- default: return "Unknown error. Privoxy out of sync with PCRE?";
+ default:
+ snprintf(buf, sizeof(buf),
+ "Error code %d. For details, check the pcre documentation.",
+ error);
+ return buf;
}
}
/* error >= 0: No error */
}
+#ifdef FUZZ
+/*********************************************************************
+ *
+ * Function : pcrs_compile_fuzzed_replacement
+ *
+ * Description : Wrapper around pcrs_compile_replacement() for
+ * fuzzing purposes.
+ *
+ * Parameters :
+ * 1 : replacement = replacement part of s/// operator
+ * in perl syntax
+ * 2 : errptr = pointer to an integer in which error
+ * conditions can be returned.
+ *
+ * Returns : pcrs_substitute data structure, or NULL if an
+ * error is encountered. In that case, *errptr has
+ * the reason.
+ *
+ *********************************************************************/
+extern pcrs_substitute *pcrs_compile_fuzzed_replacement(const char *replacement, int *errptr)
+{
+ int capturecount = PCRS_MAX_SUBMATCHES; /* XXX: fuzzworthy? */
+ int trivial_flag = 0; /* We don't want to fuzz strncpy() */
+
+ *errptr = 0; /* XXX: Should pcrs_compile_replacement() do this? */
+
+ return pcrs_compile_replacement(replacement, trivial_flag, capturecount, errptr);
+
+}
+#endif
+
+
/*********************************************************************
*
* Function : pcrs_compile_replacement
static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int trivialflag, int capturecount, int *errptr)
{
int i, k, l, quoted;
- size_t length;
char *text;
pcrs_substitute *r;
-
+#ifndef FUZZ
+ size_t length;
+#else
+ static size_t length;
+#endif
i = k = l = quoted = 0;
/*
if (replacement[i] == '$' && !quoted && i < (int)(length - 1))
{
char *symbol, symbols[] = "'`+&";
+ if (l >= PCRS_MAX_SUBMATCHES)
+ {
+ freez(text);
+ freez(r);
+ *errptr = PCRS_WARN_BADREF;
+ return NULL;
+ }
r->block_length[l] = (size_t)(k - r->block_offset[l]);
/* Numerical backreferences */
}
if (r->backref[l] > capturecount)
{
+ freez(text);
+ freez(r);
*errptr = PCRS_WARN_BADREF;
+ return NULL;
}
}
goto plainchar;
}
+ assert(r->backref[l] < PCRS_MAX_SUBMATCHES + 2);
/* Valid and in range? -> record */
- if (r->backref[l] < PCRS_MAX_SUBMATCHES + 2)
+ if ((0 <= r->backref[l]) &&
+ (r->backref[l] < PCRS_MAX_SUBMATCHES + 2) &&
+ (l < PCRS_MAX_SUBMATCHES - 1))
{
r->backref_count[r->backref[l]] += 1;
r->block_offset[++l] = k;
}
else
{
+ freez(text);
+ freez(r);
*errptr = PCRS_WARN_BADREF;
+ return NULL;
}
continue;
}