[pcre-dev] [Bug 757] pcre_exec() off-by-1 bug

Top Page
Delete this message
Author: Philip Hazel
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 757] pcre_exec() off-by-1 bug
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=757




--- Comment #1 from Philip Hazel <ph10@???> 2008-09-04 09:37:04 ---
On Wed, 3 Sep 2008, Hossein Arefi wrote:

> Version 7.7
>
> Valgrind complained about an error of reading 1 byte beyond end of a buffer in
> pcre_exec.c line #4721.
>
> Turned out that the SUPPORT_UTF8 version of the NEXTCHAR macro in
> pcre_internal.h will look beyond the end of the subject string while trying to
> find the start of the next utf8 character sequence.


Thanks for your report and patch. BUT ...

Please try with the 7.8-RC1 release candidate that I put out a week ago.
You will find it here:

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/pcre-7.8-RC1.tar.gz
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/pcre-7.8-RC1.tar.bz2
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/pcre-7.8-RC1.zip

The NEXTCHAR macro has been abolished in this new release. These are the
ChangeLog entries:

12. For a pattern where the match had to start at the beginning or immediately
    after a newline (e.g /.*anything/ without the DOTALL flag), pcre_exec() and
    pcre_dfa_exec() could read past the end of the passed subject if there was
    no match. To help with detecting such bugs (e.g. with valgrind), I modified
    pcretest so that it places the subject at the end of its malloc-ed buffer.


13. The change to pcretest in 12 above threw up a couple more cases when pcre_
    exec() might read past the end of the data buffer in UTF-8 mode.


Regards,
Philip


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email