[pcre-dev] [Bug 1236] Potential buffer overflow of ovector i…

Author: Philip Hazel
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1236] Potential buffer overflow of ovector in pcre_exec()
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1236

Philip Hazel <ph10@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED





--- Comment #2 from Philip Hazel <ph10@???> 2012-04-21 19:13:20 ---
Thank you for the nice clear test case. I have fixed the bug in pcre_exec.c
(just a few characters!) and committed the patched file (SVN 963). I have also
updated the test system and the tests so that this error (if it happens again)
will be picked up by valgrind. The trivial patch that fixes the bug is this:


--- pcre_exec.c.ORIG    2012-04-21 19:10:55.000000000 +0100
+++ pcre_exec.c 2012-04-21 19:11:12.000000000 +0100
@@ -6887,7 +6887,7 @@
     {
     register int *iptr, *iend;
     int resetcount = 2 + re->top_bracket * 2;
-    if (resetcount > offsetcount) resetcount = ocount;
+    if (resetcount > offsetcount) resetcount = offsetcount;
     iptr = offsets + md->end_offset_top;
     iend = offsets + resetcount;
     while (iptr < iend) *iptr++ = -1;
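
Review bot: The clamp on the changed line still has no comment saying which of the two similarly named limits, ocount or offsetcount, bounds the reset loop, and confusing the two is exactly what this line gets wrong in the "-" version. Add a one-line comment above `if (resetcount > offsetcount) resetcount = offsetcount;` stating that offsetcount is the limit that `iend = offsets + resetcount` must respect, so the next edit here does not reintroduce the mismatch between the value compared and the value assigned. A debug assertion that resetcount does not exceed offsetcount before the `while` loop would also catch a regression without relying on valgrind.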


The bug was provoked by having back references that were greater than the
ovector could hold, and an unused highest capturing parens.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email