merge revision(s) 55163,55165: [Backport #12420]

* regparse.c (fetch_token_in_cc): raise error if given octal escaped character is too big. [Bug #12420] [Bug #12423] * re.c (unescape_nonascii): scan hex up to only 3 characters. [Bug #12420] [Bug #12423] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@55458 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-06-19 17:35:40 +0000
committer: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-06-19 17:35:40 +0000
commit: 68c4c9d24c30e84bab7595001996457a2b40837a (patch)
tree: 5d016cb0ca54fa35fdebe5d43f9ee345c1fe1822 /regparse.c
parent: 1049e08aa7f2728f97823b868f2eb5071ca4c56b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/regparse.c b/regparse.c
index 094332f90e..cc48945c3c 100644
--- a/regparse.c
+++ b/regparse.c
@@ -3222,7 +3222,7 @@ fetch_token_in_cc(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
 	PUNFETCH;
 	prev = p;
 	num = scan_unsigned_octal_number(&p, end, 3, enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
author	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-06-19 17:35:40 +0000
committer	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-06-19 17:35:40 +0000
commit	68c4c9d24c30e84bab7595001996457a2b40837a (patch)
tree	5d016cb0ca54fa35fdebe5d43f9ee345c1fe1822 /regparse.c
parent	1049e08aa7f2728f97823b868f2eb5071ca4c56b (diff)