http://bugs.exim.org/show_bug.cgi?id=952
Summary: pcre-8.01 may access out of static array in 'make test'.
Product: PCRE
Version: 8.01
Platform: x86
OS/Version: Linux
Status: NEW
Severity: security
Priority: medium
Component: Code
AssignedTo: ph10@???
ReportedBy: katayama@???
CC: pcre-dev@???
In 'make test', internal_dfa_exec() accesses coptable[] with index 114, but
whose array length is 113.
This bug was found using Fail-Safe C.
(https://staff.aist.go.jp/y.oiwa/FailSafeC/index-en.html)
$ uname -a
Linux hardy2-gp01 2.6.24-26-server #1 SMP Tue Dec 1 19:19:20 UTC 2009 i686 GNU/Linux
$ gcc -v
Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v
--enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr
--enable-shared --with-system-zlib --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix --enable-nls
--with-gxx-include-dir=/usr/include/c++/4.2 --program-suffix=-4.2
--enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr
--enable-targets=all --enable-checking=release --build=i486-linux-gnu
--host=i486-linux-gnu --target=i486-linux-gnu
Thread model: posix
gcc version 4.2.4 (Ubuntu 4.2.4-1ubuntu4)
$ CFLAGS=-g ./configure --disable-shared && make
(snip)
$ gdb pcretest
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(gdb) b pcre_dfa_exec.c:674
Breakpoint 1 at 0x8059dc8: file pcre_dfa_exec.c, line 674.
(gdb) run -q -dfa
Starting program: /home/katayama/work/pcre-8.01/pcretest -q -dfa
re> /(a|(bc)){0,0}?xyz/
data> xyz
Breakpoint 1, internal_dfa_exec (md=0xbff962f4, this_start_code=0x8094af0 "^",
current_subject=0x80886ad "xyz", start_offset=0,
offsets=0x8094a10, offsetcount=44, workspace=0xbff96508, wscount=124,
ims=0, rlevel=1, recursing=0) at pcre_dfa_exec.c:674
674 if (coptable[codevalue] > 0)
(gdb) p codevalue
$1 = 114
(gdb) p sizeof(coptable) / sizeof(coptable[0])
$2 = 113
(gdb)
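Added illustration of the bug class in this report (not PCRE's code and not part of the original message): a per-opcode table indexed by a value read from compiled pattern code, with a compile-time size check and a bounds-checked lookup, so an opcode beyond the table is reported instead of read past the array. NUM_OPS, the table contents and the sample bytecode are constructed placeholders.

```c
/* Added example (not PCRE's code). It models the bug class in this report: a
 * static table with one entry per opcode, indexed by an opcode value read
 * from compiled pattern bytecode. If the compiler can emit an opcode the
 * table does not cover, an unchecked lookup reads past the array. NUM_OPS,
 * the table contents and the sample bytecode are constructed placeholders. */
#include <stddef.h>
#include <stdint.h>

#define NUM_OPS 113   /* constructed: the opcode space is 0..112 */

/* Constructed operand-length table standing in for coptable[]; its length is
 * derived from the initializer so the check below is meaningful. */
static const uint8_t coptable[] = { [0] = 0, [1] = 1, [2] = 2, [112] = 3 };

/* Compile-time guard: one entry per opcode, or the build fails. Bumping
 * NUM_OPS without extending the table will not compile. */
typedef char coptable_size_check[
    (sizeof(coptable) / sizeof(coptable[0]) == NUM_OPS) ? 1 : -1];

/* Bounds-checked lookup: operand length, or -1 when codevalue is outside the
 * table (the report's case: index 114 against 113 entries). */
int coptable_lookup(unsigned codevalue)
{
    if (codevalue >= sizeof(coptable) / sizeof(coptable[0])) return -1;
    return coptable[codevalue];
}

/* Walk a code buffer as a matcher's main loop would: read an opcode, look up
 * how many operand bytes follow, advance. Returns the number of opcodes
 * decoded, -1 for an opcode not in the table, -2 if the operands would run
 * past the end of the buffer. */
int walk_code(const uint8_t *code, size_t len)
{
    size_t pos = 0;
    int count = 0;
    while (pos < len) {
        int oplen = coptable_lookup(code[pos]);
        if (oplen < 0) return -1;                        /* unknown opcode */
        if (len - pos - 1 < (size_t)oplen) return -2;    /* truncated operands */
        pos += 1 + (size_t)oplen;
        count++;
    }
    return count;
}

/* Constructed sample bytecode: opcode byte followed by its operand bytes. */
const uint8_t sample_ok[]         = { 1, 0xAA, 2, 0xBB, 0xCC, 0 };
const uint8_t sample_bad_opcode[] = { 1, 0xAA, 114 };
const uint8_t sample_truncated[]  = { 2, 0xBB };
```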