[pcre-dev] [Bug 773] New: In utf8 mode pcre_exec.c can read …

Author: Alan Lehotsky
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 773] New: In utf8 mode pcre_exec.c can read past the end of a string
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=773
           Summary: In utf8 mode pcre_exec.c can read past the end of a
                    string
           Product: PCRE
           Version: N/A
          Platform: Other
        OS/Version: Windows
            Status: NEW
          Severity: bug
          Priority: low
         Component: Code
        AssignedTo: ph10@???
        ReportedBy: alehotsky@???
                CC: pcre-dev@???



valgrind detected this.

In pcre_exec.c at line 4675 is a loop


           while (start_match < end_subject && *start_match != first_byte)
              { NEXTCHAR(start_match); }


If utf8 is set, the NEXTCHAR macro expands to read start_match[0] after
having incremented start_match. If you've not reached end_subject, AND
you happen to have allocated your string on the edge of addressable memory you
would SEGV.

This is a pretty unlikely scenario - but I thought you'd like to know.

It does look like all four uses of NEXTCHAR are potentially subject to
this problem.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
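
Added example, not part of the original report and not PCRE's own code: a small C model of the scan loop quoted above, with the advance step written the way the report describes it (increment, then inspect the byte now pointed at for UTF-8 continuation bits). The buffer contents, `peek`, `scan_for_first_byte` and `check_end` are assumptions made for illustration; the subject sits inside a larger array so that reads past `end_subject` can be counted without leaving the allocation.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed sample: the subject is only the first 3 bytes ("abc").
   The remaining bytes stand in for whatever follows it in memory, so the
   over-read can be counted without leaving the allocation. */
static const unsigned char storage[8] = { 'a', 'b', 'c', 0x80, 0x80, 'x', 0, 0 };
#define SUBJECT_LEN 3

static size_t reads_past_end;   /* dereferences at offset >= SUBJECT_LEN */

static unsigned char peek(const unsigned char *p)
{
    if ((size_t)(p - storage) >= SUBJECT_LEN) reads_past_end++;
    return *p;
}

/* Advance as the report describes: increment, then inspect p[0] for UTF-8
   continuation bytes (10xxxxxx). With check_end == 0 nothing stops that
   inspection at end_subject. Returns the final offset of the scan pointer. */
static size_t scan_for_first_byte(unsigned char first_byte, int check_end)
{
    const unsigned char *p = storage;
    const unsigned char *end_subject = storage + SUBJECT_LEN;

    reads_past_end = 0;
    while (p < end_subject && peek(p) != first_byte) {
        p++;
        while ((!check_end || p < end_subject) && (peek(p) & 0xc0) == 0x80)
            p++;
    }
    return (size_t)(p - storage);
}

int main(void)
{
    size_t off = scan_for_first_byte('x', 0);
    printf("unchecked: offset %zu, reads past end %zu\n", off, reads_past_end);
    off = scan_for_first_byte('x', 1);
    printf("checked:   offset %zu, reads past end %zu\n", off, reads_past_end);
    return 0;
}
```

When the bytes after the subject happen to look like continuation bytes, the unchecked form also leaves the scan pointer beyond `end_subject`, not just one read past it.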