From c3113037b005d5e837e9785f624e67bf9de9aafe Mon Sep 17 00:00:00 2001
From: dmiller
Date: Fri, 10 Aug 2018 17:12:19 +0000
Subject: [PATCH] Avoid NULL ptr deref crash if pcre_study returns NULL. Fixes #1302
---
 service_scan.cc | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/service_scan.cc b/service_scan.cc
index ca6bd15e5..ff2ce4c38 100644
--- a/service_scan.cc
+++ b/service_scan.cc
@@ -485,10 +485,19 @@ void ServiceProbeMatch::InitMatch(const char *matchtext, int lineno) {
 fatal("%s: illegal regexp on line %d of nmap-service-probes (at regexp offset %d): %s\n", __func__, lineno, pcre_erroffset, pcre_errptr);
 // Now study the regexp for greater efficiency
- regex_extra = pcre_study(regex_compiled, 0, &pcre_errptr);
+ regex_extra = pcre_study(regex_compiled, 0
+#ifdef PCRE_STUDY_EXTRA_NEEDED
+ | PCRE_STUDY_EXTRA_NEEDED
+#endif
+ , &pcre_errptr);
 if (pcre_errptr != NULL)
 fatal("%s: failed to pcre_study regexp on line %d of nmap-service-probes: %s\n", __func__, lineno, pcre_errptr);
+ if (!regex_extra) {
+ regex_extra = (pcre_extra *) pcre_malloc(sizeof(pcre_extra));
+ memset(regex_extra, 0, sizeof(pcre_extra));
+ }
+
 // Set some limits to avoid evil match cases.
 // These are flexible; if they cause problems, increase them.
 #ifdef PCRE_ERROR_MATCHLIMIT
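Review bot: The fallback added after the pcre_study error check passes the result of pcre_malloc straight to memset without testing it, so an allocation failure would reproduce the same NULL dereference this patch sets out to remove; a check in the style this function already uses would close it, e.g. `if (regex_extra == NULL) fatal("%s: pcre_malloc failed for regexp on line %d of nmap-service-probes\n", __func__, lineno);` placed before the memset. Zero-filling the block leaves its flags field at 0, which only matches the later release of regex_extra if that code frees a pcre_study result and a plain pcre_malloc block the same way; the free is outside this hunk, so that is worth confirming. A short comment above the new `if (!regex_extra)` such as `// pcre_study may legitimately return NULL with no error; allocate an empty pcre_extra so the limit fields below have somewhere to go` would record why the fallback exists. InitMatch begins and ends outside this hunk.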