[exim-dev] [Bug 405] New: Logic error in pcre.c and pcre_com…

Top Page
Delete this message
Reply to this message
Author: World Wide Web Owner
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 405] New: Logic error in pcre.c and pcre_compile.c
http://www.exim.org/bugzilla/show_bug.cgi?id=405

           Summary: Logic error in pcre.c and pcre_compile.c
           Product: Exim
           Version: 4.63
          Platform: All
               URL: http://bugs.debian.org/397176
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Unfiled
        AssignedTo: ph10@???
        ReportedBy: mh+exim-bugzilla@???
         QAContact: exim-dev@???



Hi,

this is Debian issue #397176, reported by Jochen Voss:

Hello,

recently I came across the following bit of code in the source file
exim4-4.63/src/pcre/pcre.c (function compile_branch, around line
3355):

        /* Condition to test for a numbered subpattern match. We know that
        if a digit follows ( then there will just be digits until ) because
        the syntax was checked in the first pass. */


        else if ((digitab[ptr[1]] && ctype_digit) != 0)
        ...


This is a programming error. The test for digits works by taking the
bitwise (not logical) and between the corresponding entry in 'digitab'
and the mask 'ctype_digit'. The if test should use '&' instead of
'&&'.

The code (including the bug) is duplicated in the file
"pcre_compile.c" around line 2822.

I did not check what the implications of this error are (false
positves only could occur if 'ptr[1]' is a hex digit and these might
be caught earlier in the syntax check?) but probably this should be
fixed anyway.

I hope this helps,
Jochen



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.