The following C code triggers an access violation (AV) in pcre_dfa_exec(),
followed by an application crash. I was unable to reproduce this with
pcretest, but this C code triggers the problem reliably.
@Zoltan: This is not related to my previous report. I verified that the
correct 8-bit functions are called.
Ralf
----------------------
#include <stdio.h>
#include <stdlib.h>
#include "pcre.h"
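/*
 * Reproducer for the access violation reported in pcre_dfa_exec().
 *
 * Compiles the pattern \Q\x01\E with PCRE_UTF8, studies it with
 * PCRE_STUDY_JIT_COMPILE, then calls pcre_dfa_exec() on the two-byte subject
 * "\x01\x02" with no output vector and both partial-match options set.
 * The pcre_dfa_exec() return code is printed to stdout.
 *
 * Returns 0 when the match call was reached (or pcre_study() produced no
 * data without reporting an error), 1 when compile, study or the workspace
 * allocation failed. Setup failures are reported on stderr so that a run
 * which never reaches pcre_dfa_exec() is not mistaken for "no crash".
 */
int main(int argc, char **argv)
{
    pcre *re;
    pcre_extra *reExtra;
    const char *errMsg = NULL;
    int errOffset = 0;
    int *WorkSpace;
    int nWorkSpace = 64;
    int o;
    int e;
    int rc = 1;

    (void)argc;
    (void)argv;

    /* The 4th argument of pcre_compile() receives the error *offset*. */
    re = pcre_compile("\\Q\x01\\E", PCRE_UTF8, &errMsg, &errOffset, NULL);
    if (re == NULL) {
        fprintf(stderr, "pcre_compile failed at offset %d: %s\n",
                errOffset, errMsg != NULL ? errMsg : "(no message)");
        return rc;
    }

    reExtra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &errMsg);
    if (reExtra == NULL) {
        /* A NULL result with a NULL message means "no study data", not an error. */
        if (errMsg != NULL) {
            fprintf(stderr, "pcre_study failed: %s\n", errMsg);
        } else {
            rc = 0;
        }
        goto out_re;
    }

    WorkSpace = malloc(nWorkSpace * sizeof(WorkSpace[0]));
    if (WorkSpace == NULL) {
        fprintf(stderr, "workspace allocation failed\n");
        goto out_study;
    }

    /*
     * Both partial-match flags are set, exactly as in the report.
     * NOTE(review): the PCRE documentation is understood to give
     * PCRE_PARTIAL_HARD precedence when both are present; confirm for the
     * version under test.
     */
    o = PCRE_NO_UTF8_CHECK | PCRE_PARTIAL_SOFT | PCRE_PARTIAL_HARD;

    /*
     * ovector = NULL, ovecsize = 0 is kept exactly as reported so the same
     * library path is exercised. The trace log attached to the report shows
     * pointer arithmetic on a NULL base inside pcre_dfa_exec(); whether this
     * NULL ovector is that base is not established by the report.
     * Production callers should pass a real ovector of at least two ints
     * when requesting partial matching.
     */
    e = pcre_dfa_exec(re, reExtra, "\x01\x02", 2, 0,
                      o, NULL, 0, WorkSpace, nWorkSpace);
    printf("%d", e);
    rc = 0;

    free(WorkSpace);
out_study:
    pcre_free_study(reExtra);
out_re:
    /*
     * Release the compiled pattern through pcre_free, the library's own
     * deallocator, rather than the application's free(): the two may use
     * different heaps (e.g. PCRE built as a DLL with its own C runtime).
     */
    pcre_free(re);
    return rc;
}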
--------------
Trace log:
pcretest_own_code.exe(11112)
Pointer arithmetic in invalid memory in process:
pcretest_own_code.exe(11112) - pcre_dfa_exec.c#788
0x00000000+8.
0x004E60A1 - pcre_dfa_exec.c#788
0x004F14E5 - pcre_dfa_exec.c#3550
0x005477A1 - pcretest_own_code.c#26
0x00552DE7
Pointer arithmetic in invalid memory in process:
pcretest_own_code.exe(11112) - pcre_internal.h#395
0x00000008-8.
0x004E47D8 - pcre_internal.h#395
0x004E60A9 - pcre_dfa_exec.c#789
0x004F14E5 - pcre_dfa_exec.c#3550
0x005477A1 - pcretest_own_code.c#26
0x00552DE7
Pointer arithmetic in invalid memory in process:
pcretest_own_code.exe(11112) - pcre_internal.h#396
0x00000000-8.
0x004E47E7 - pcre_internal.h#396
0x004E60A9 - pcre_dfa_exec.c#789
0x004F14E5 - pcre_dfa_exec.c#3550
0x005477A1 - pcretest_own_code.c#26
0x00552DE7
Pointer arithmetic in invalid memory in process:
pcretest_own_code.exe(11112) - pcre_internal.h#397
0x00000000-1.
0x004E4801 - pcre_internal.h#397
0x004E60A9 - pcre_dfa_exec.c#789
0x004F14E5 - pcre_dfa_exec.c#3550
0x005477A1 - pcretest_own_code.c#26
0x00552DE7