alternative "fix" for potential integer overflow

Break the check in two to better protect from overflow in systems where a 64bit integer might not easily available and that have a 32bit PCRE2_SIZE. Fixes: PCRE2Project#117
carenas · Dec 28, 2022 · 8c0e3fe · 8c0e3fe
1 parent 0746b3d
commit 8c0e3fe
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
@@ -7117,18 +7117,24 @@ for (;; pptr++)
 
         if (lengthptr != NULL)
           {
-          PCRE2_SIZE delta = replicate*(1 + LINK_SIZE);
-          if ((INT64_OR_DOUBLE)replicate*
-                (INT64_OR_DOUBLE)(1 + LINK_SIZE) >
-                  (INT64_OR_DOUBLE)INT_MAX ||
-              OFLOW_MAX - *lengthptr < delta)
+          PCRE2_SIZE delta;
+
+	  if (replicate > INT_MAX / (1 + LINK_SIZE))
+	    {
+	    *errorcodeptr = ERR20;
+	    return 0;
+	    }
+
+	  delta = replicate*(1 + LINK_SIZE);
+
+          if (OFLOW_MAX - *lengthptr < delta)
             {
             *errorcodeptr = ERR20;
             return 0;
             }
+
           *lengthptr += delta;
           }
-
         else for (int i = 0; i < replicate; i++)
           {
           memcpy(code, previous, CU2BYTES(1 + LINK_SIZE));