--- /dev/null
+diff -NurdB gnumeric-1.4.3/src/cut-n-paste-code/goffice/cut-n-paste/pcre/pcre.c gnumeric-1.4.3-patched/src/cut-n-paste-code/goffice/cut-n-paste/pcre/pcre.c
+--- gnumeric-1.4.3/src/cut-n-paste-code/goffice/cut-n-paste/pcre/pcre.c 2004-10-29 13:13:19.000000000 -0500
++++ gnumeric-1.4.3-patched/src/cut-n-paste-code/goffice/cut-n-paste/pcre/pcre.c 2005-09-01 01:22:28.000000000 -0500
+@@ -1062,7 +1062,18 @@
+ int min = 0;
+ int max = -1;
+
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
++if (min < 0 || min > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
++
++/* Read the maximum value if there is one, and again do a paranoid on its size.
++Also, max must not be less than min. */
+
+ if (*p == '}') max = min; else
+ {
+@@ -1070,6 +1081,11 @@
+ {
+ max = 0;
+ while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min)
+ {
+ *errorptr = ERR4;
+@@ -1078,16 +1094,10 @@
+ }
+ }
+
+-/* Do paranoid checks, then fill in the required variables, and pass back the
+-pointer to the terminating '}'. */
++/* Fill in the required variables, and pass back the pointer to the terminating '}'. */
+
+-if (min > 65535 || max > 65535)
+- *errorptr = ERR5;
+-else
+- {
+- *minp = min;
+- *maxp = max;
+- }
++*minp = min;
++*maxp = max;
+ return p;
+ }
+
+@@ -4128,6 +4138,7 @@
+ BOOL class_utf8;
+ #endif
+ BOOL inescq = FALSE;
++BOOL capturing;
+ unsigned int brastackptr = 0;
+ size_t size;
+ uschar *code;
+@@ -4543,6 +4554,7 @@
+ case '(':
+ branch_newextra = 0;
+ bracket_length = 1 + LINK_SIZE;
++ capturing = FALSE;
+
+ /* Handle special forms of bracket, which all start (? */
+
+@@ -4630,6 +4642,9 @@
+
+ case 'P':
+ ptr += 3;
++
++ /* Handle the definition of a named subpattern */
++
+ if (*ptr == '<')
+ {
+ const uschar *p; /* Don't amalgamate; some compilers */
+@@ -4642,9 +4657,12 @@
+ }
+ name_count++;
+ if (ptr - p > max_name_size) max_name_size = (ptr - p);
++ capturing = TRUE; /* Named parentheses are always capturing */
+ break;
+ }
+
++ /* Handle back references and recursive calls to named subpatterns */
++
+ if (*ptr == '=' || *ptr == '>')
+ {
+ while ((compile_block.ctypes[*(++ptr)] & ctype_word) != 0);
+@@ -4819,18 +4837,24 @@
+ continue;
+ }
+
+- /* If options were terminated by ':' control comes here. Fall through
+- to handle the group below. */
++ /* If options were terminated by ':' control comes here. This is a
++ non-capturing group with an options change. There is nothing more that
++ needs to be done because "capturing" is already set FALSE by default;
++ we can just fall through. */
++
+ }
+ }
+
+- /* Extracting brackets must be counted so we can process escapes in a
+- Perlish way. If the number exceeds EXTRACT_BASIC_MAX we are going to
+- need an additional 3 bytes of store per extracting bracket. However, if
+- PCRE_NO_AUTO)CAPTURE is set, unadorned brackets become non-capturing, so we
+- must leave the count alone (it will aways be zero). */
++ /* Ordinary parentheses, not followed by '?', are capturing unless
++ PCRE_NO_AUTO_CAPTURE is set. */
+
+- else if ((options & PCRE_NO_AUTO_CAPTURE) == 0)
++ else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;
++
++ /* Capturing brackets must be counted so we can process escapes in a
++ Perlish way. If the number exceeds EXTRACT_BASIC_MAX we are going to need
++ an additional 3 bytes of memory per capturing bracket. */
++
++ if (capturing)
+ {
+ bracount++;
+ if (bracount > EXTRACT_BASIC_MAX) bracket_length += 3;
projects / packages / gnumeric.git / commitdiff