From a05e11ff3a663c06e0a30dfa86aa7ed4544a6008 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 11 Apr 2014 13:41:13 +0200
Subject: [PATCH] Do not rely on wrapping signed integer while parseing
 {min,max}
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed integer overflow is not defined in C language. GCC 4.9 bails
out here.

Signed-off-by: Petr Písař <ppisar@redhat.com>
---
 pcre_compile.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/pcre_compile.c b/pcre_compile.c
index 8a5b723..ce65058 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -1586,11 +1586,15 @@ int max = -1;
 /* Read the minimum value and do a paranoid check: a negative value indicates
 an integer overflow. */
 
-while (IS_DIGIT(*p)) min = min * 10 + (int)(*p++ - CHAR_0);
-if (min < 0 || min > 65535)
+while (IS_DIGIT(*p))
   {
-  *errorcodeptr = ERR5;
-  return p;
+  min = min * 10 + (int)(*p++ - CHAR_0);
+  if (min > 65535)
+    {
+    *errorcodeptr = ERR5;
+    while (*p != CHAR_RIGHT_CURLY_BRACKET) p++;
+    return p;
+    }
   }
 
 /* Read the maximum value if there is one, and again do a paranoid on its size.
@@ -1601,11 +1605,15 @@ if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
   if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
     {
     max = 0;
-    while(IS_DIGIT(*p)) max = max * 10 + (int)(*p++ - CHAR_0);
-    if (max < 0 || max > 65535)
+    while(IS_DIGIT(*p))
       {
-      *errorcodeptr = ERR5;
-      return p;
+      max = max * 10 + (int)(*p++ - CHAR_0);
+      if (max > 65535)
+        {
+        *errorcodeptr = ERR5;
+        while (*p != CHAR_RIGHT_CURLY_BRACKET) p++;
+        return p;
+        }
       }
     if (max < min)
       {
-- 
1.9.0