libpcre2 : Follow up fix CVE-2022-1586

CVE-2022-1586 was originally fixed by OE commit
https://github.com/openembedded/openembedded-core/commit/7f4daf88b71f
through libpcre2 commit
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e672

The follow up patch is required to resolve a bug in the initial fix[50a51cb7e672]
https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-1586
https://security-tracker.debian.org/tracker/CVE-2022-1586

(From OE-Core rev: 7e2fe508b456207fd991ece7621ef8ba24b89e59)

Signed-off-by: Shinu Chandran <shinucha@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

1 files changed, 30 insertions, 0 deletions

diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch
new file mode 100644
index 0000000000..42ee417fe7
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch
@@ -0,0 +1,30 @@
+From 5d1e62b0155292b994aa1c96d4ed8ce4346ef4c2 Mon Sep 17 00:00:00 2001
+From: Zoltan Herczeg <hzmester@freemail.hu>
+Date: Thu, 24 Mar 2022 05:34:42 +0000
+Subject: [PATCH] Fix incorrect value reading in JIT.
+
+CVE: CVE-2022-1586
+Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3]
+
+(cherry picked from commit d4fa336fbcc388f89095b184ba6d99422cfc676c)
+Signed-off-by: Shinu Chandran <shinucha@cisco.com>
+---
+ src/pcre2_jit_compile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index 493c96d..fa57942 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -7188,7 +7188,7 @@ while (*cc != XCL_END)
+     {
+     SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP);
+     cc++;
+-    if (*cc == PT_CLIST && *cc == XCL_PROP)
++    if (*cc == PT_CLIST && cc[-1] == XCL_PROP)
+       {
+       other_cases = PRIV(ucd_caseless_sets) + cc[1];
+       while (*other_cases != NOTACHAR)
+-- 
+2.25.1
+