Backport fix for uaf during pcre jit fallback

author Nikita Popov <nikita.ppv@gmail.com>

Mon, 7 Oct 2019 11:21:36 +0000 (13:21 +0200)

committer Nikita Popov <nikita.ppv@gmail.com>

Mon, 7 Oct 2019 11:23:56 +0000 (13:23 +0200)
author Nikita Popov <nikita.ppv@gmail.com>
Mon, 7 Oct 2019 11:21:36 +0000 (13:21 +0200)
committer Nikita Popov <nikita.ppv@gmail.com>
Mon, 7 Oct 2019 11:23:56 +0000 (13:23 +0200)
diff --git a/ext/pcre/pcre2lib/pcre2_jit_compile.c b/ext/pcre/pcre2lib/pcre2_jit_compile.c

index c491be2917de2d6475f9603675002c5bbffe8cf0..6c317b68d19a6f1e45a7e98c4305cab71504e945 100644 (file)
--- a/ext/pcre/pcre2lib/pcre2_jit_compile.c
+++ b/ext/pcre/pcre2lib/pcre2_jit_compile.c
@@ -12321,7 +12321,7 @@ if (SLJIT_UNLIKELY(sljit_get_compiler_error(compiler)))
    sljit_free_compiler(compiler);
    SLJIT_FREE(common->optimized_cbracket, allocator_data);
    SLJIT_FREE(common->private_data_ptrs, allocator_data);
-  PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
+  PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
    return PCRE2_ERROR_NOMEMORY;
    }
  
@@ -12375,7 +12375,7 @@ if (SLJIT_UNLIKELY(sljit_get_compiler_error(compiler)))
    sljit_free_compiler(compiler);
    SLJIT_FREE(common->optimized_cbracket, allocator_data);
    SLJIT_FREE(common->private_data_ptrs, allocator_data);
-  PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
+  PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
    return PCRE2_ERROR_NOMEMORY;
    }
  
@@ -12464,7 +12464,7 @@ while (common->currententry != NULL)
      sljit_free_compiler(compiler);
      SLJIT_FREE(common->optimized_cbracket, allocator_data);
      SLJIT_FREE(common->private_data_ptrs, allocator_data);
-    PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
+    PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
      return PCRE2_ERROR_NOMEMORY;
      }
    flush_stubs(common);
@@ -12589,7 +12589,7 @@ while (label_addr != NULL)
  sljit_free_compiler(compiler);
  if (executable_func == NULL)
    {
-  PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
+  PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
    return PCRE2_ERROR_NOMEMORY;
    }
  
@@ -12604,7 +12604,7 @@ else
      /* This case is highly unlikely since we just recently
      freed a lot of memory. Not impossible though. */
      sljit_free_code(executable_func);
-    PRIV(jit_free_rodata)(common->read_only_data_head, compiler->allocator_data);
+    PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
      return PCRE2_ERROR_NOMEMORY;
      }
    memset(functions, 0, sizeof(executable_functions));
author	Nikita Popov <nikita.ppv@gmail.com>
	Mon, 7 Oct 2019 11:21:36 +0000 (13:21 +0200)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Mon, 7 Oct 2019 11:23:56 +0000 (13:23 +0200)