[pcre-dev] [Bug 1236] Potential buffer overflow of ovector i…

From: Philip Hazel
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1236] Potential buffer overflow of ovector in pcre_exec()

http://bugs.exim.org/show_bug.cgi?id=1236

Philip Hazel <ph10@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED





--- Comment #2 from Philip Hazel <ph10@???> 2012-04-21 19:13:20 ---
Thank you for the nice clear test case. I have fixed the bug in pcre_exec.c
(just a few characters!) and committed the patched file (SVN 963). I have also
updated the test system and the tests so that this error (if it happens again)
will be picked up by valgrind. The trivial patch that fixes the bug is this:


--- pcre_exec.c.ORIG    2012-04-21 19:10:55.000000000 +0100
+++ pcre_exec.c 2012-04-21 19:11:12.000000000 +0100
@@ -6887,7 +6887,7 @@
     {
     register int *iptr, *iend;
     int resetcount = 2 + re->top_bracket * 2;
-    if (resetcount > offsetcount) resetcount = ocount;
+    if (resetcount > offsetcount) resetcount = offsetcount;
     iptr = offsets + md->end_offset_top;
     iend = offsets + resetcount;
     while (iptr < iend) *iptr++ = -1;
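
Review bot: The clamp at `if (resetcount > offsetcount)` now assigns the same variable it compares against, which is what bounds `iend = offsets + resetcount` for the fill loop, but nothing in the hunk says how `offsetcount` and `ocount` differ, and the two names are close enough that the same slip could recur. Consider adding a one-line comment above the `if` stating that `offsetcount` is the limit that applies to `offsets` at this point, so the relationship between the clamp and the `while (iptr < iend) *iptr++ = -1;` write loop is explicit to the next reader.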


The bug was provoked by having back references that were greater than the
ovector could hold, and an unused highest capturing parens.

