http://bugs.exim.org/show_bug.cgi?id=757
Summary: pcre_exec() off-by-1 bug
Product: PCRE
Version: N/A
Platform: All
OS/Version: All
Status: NEW
Severity: bug
Priority: high
Component: Code
AssignedTo: ph10@???
ReportedBy: hossein.arefi@???
CC: pcre-dev@???
Version 7.7
Valgrind complained about an error of reading 1 byte beyond end of a buffer in
pcre_exec.c line #4721.
Turned out that the SUPPORT_UTF8 version of the NEXTCHAR macro in
pcre_internal.h will look beyond the end of the subject string while trying to
find the start of the next utf8 character sequence.
Adding a check, as below, fixes the problem:
366c366
< #define NEXTCHAR(p) p++;
---
> #define NEXTCHAR(p, end) p++;
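Review bot: the non-UTF-8 definition at line 366 accepts end but never uses it, which is not obvious to someone reading a call site. A one-line comment above the macro saying that end is ignored when SUPPORT_UTF8 is not defined, and that it exists only to keep both variants call-compatible, would avoid the impression that this build is bounds-checked.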
379c379
< #define NEXTCHAR(p) \
---
> #define NEXTCHAR(p, end) \
381c381
< if (utf8) { while((*p & 0xc0) == 0x80) p++; }
---
> if (utf8) { while((p < end) && ((*p & 0xc0) == 0x80)) p++; }
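Review bot: at line 381 the new p < end test guards only the continuation-byte scan, and the increment that precedes the loop is not part of this hunk. If that increment is unconditional, like the p++ in the non-UTF-8 variant at line 366, each caller still has to guarantee p < end before invoking the macro, so that precondition should be stated in a comment next to the definition. Separately, the macro arguments are used unparenthesised; writing the test as ((p) < (end)) and the dereference as *(p) keeps the macro safe if a caller ever passes an expression rather than a plain identifier.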
And corresponding macro calls changed in pcre_exec.c:
4686c4686
< { NEXTCHAR(start_match); }
---
> { NEXTCHAR(start_match, end_subject); }
4689c4689
< { NEXTCHAR(start_match); }
---
> { NEXTCHAR(start_match, end_subject); }
4699c4699
< { NEXTCHAR(start_match); }
---
> { NEXTCHAR(start_match, end_subject); }
4721c4721
< { NEXTCHAR(start_match); }
---
> { NEXTCHAR(start_match, end_subject); }
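Review bot: the signature change at lines 366 and 379 breaks any NEXTCHAR user that is not updated, and the diff covers only the four call sites in pcre_exec.c (4686, 4689, 4699, 4721). Search the rest of the tree for other uses before committing, and confirm that end_subject at these sites points one past the last subject byte, since the p < end test at line 381 relies on that to stop the read at the final valid byte.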