[pcre-dev] [Bug 1591] PCRE Library Heap Overflow Vulnerabili…

Startseite
Nachricht löschen
Autor: Philip Hazel
Datum:  
To: pcre-dev
Betreff: [pcre-dev] [Bug 1591] PCRE Library Heap Overflow Vulnerability
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1591

Philip Hazel <ph10@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED





--- Comment #1 from Philip Hazel <ph10@???> 2015-02-28 11:54:00 ---
Thank you for reporting this. On my Linux box an attempt to compile these
patterns gives the error "internal error: previously-checked referenced
subpattern not found" rather than any memory crash. However, I am sure this is
the same bug, provoked by a group containing a forward reference repeated a
large (but limited) number of times within a repeated outer group that has a
zero minimum quantifier. The inner group had to extend the workspace for
remembering forward references, which the outer group was not prepared for.
This problem existed in both PCRE1 and PCRE2. I have mended the bug in both
APIs and committed the patches so the fixes will be in the next releases.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email