[pcre-dev] Dynamic symbols common to PCRE and PCRE2 librarie…

Pàgina inicial
Delete this message
Autor: Petr Pisar
Data:  
A: pcre-dev
Assumpte: [pcre-dev] Dynamic symbols common to PCRE and PCRE2 libraries
Hello,

I compared dynamic symbols defined in shared libraries between PCRE and PCRE2
projects. Common symbols are:

regcomp
regerror
regexec
regfree

These are symbols which could clash if one process loaded both old (PCRE)
and new (PCRE2) library. This can happen, for examle, if Apache httpd uses
PCRE while the same httpd uses libpam which dlopens a PAM module which
uses PCRE2. (Or vice versa.) Then the PAM code can easily jump to PCRE's
function instead of PCRE2's one (or the httpd code into PCRE2's function
depending on dynamic linker implementation).

The good news is that the only common symbols (listed above) come from the
POSIX-ish compatibility libraries (libpcreposix.so.0, respectively
libpcre2-posix.so.0). And they are not used frequently. (E.g. Fedora 23
distribution lists 18 software projects using the libpcreposix.so.0, in
contrast to 138 users of libpcre.so.1.) However, there is still some chance.

The mitigation for this issues is either to rename the symbols, or to version
the symbols. Renaming is not feasible if the purpose of the library is to
reimplement a foreign API.

I don't know much about versioning (good introduction is
<http://www.trevorpounds.com/blog/?p=33>). It's not supported on all
platforms. Do you think PCRE(2) should try to tackle this issue by symbol
versioning?

-- Petr