[pcre-dev] [Bug 1597] New: JIT compiling buffer overflow iss…

Author: Zoltan Herczeg
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1597] New: JIT compiling buffer overflow issue was fixed.
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1597
           Summary: JIT compiling buffer overflow issue was fixed.
           Product: PCRE
           Version: 8.36
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
        AssignedTo: hzmester@???
        ReportedBy: hzmester@???
                CC: pcre-dev@???



PHP users reported that patterns like /(?:a|b|c|d|e)(?R)/ cause a buffer
overflow. The reason was invalid computation of JIT read-only data size in
advance. This is not the first bug of the size computation, and I decided to
fully remove it. Instead, the compiler allocates read-only data when it is
necessary, and stores them in a chain list. Hence read-only data is not a
single buffer anymore. This should fix present and future problems as well.

The bug was fixed in r1530:
https://lists.exim.org/lurker/message/20150305.085339.b148f0af.en.html

I plan to port the fix to PCRE2 soon.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
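The report contrasts two ways of providing read-only data to generated code: sizing one buffer from an up-front estimate (which overflows when the estimate is wrong) versus allocating each item on demand into a chain. The following C program is an added illustration of that contrast; it is not PCRE or PCRE2 code and not from the report's author. The structure names, the 32-byte request sizes, and the "naive estimate" that forgets the (?R) recursion are assumptions constructed for the example. The single-buffer path is bounds-checked here so the shortfall is reported rather than written past the buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model only, not PCRE internals: names, sizes and the
 * estimate below are assumptions made for this example. */

/* Strategy A: one buffer whose capacity is computed before code generation. */
typedef struct {
    unsigned char *base;
    size_t capacity;   /* the up-front estimate */
    size_t used;
} single_buffer;

/* Hands out n bytes, or NULL once the estimate is exhausted. A generator
 * that trusts the estimate and omits this check writes past the buffer
 * instead, which is the overflow class the report describes. */
static unsigned char *single_buffer_reserve(single_buffer *b, size_t n)
{
    if (n > b->capacity - b->used)
        return NULL;
    unsigned char *p = b->base + b->used;
    b->used += n;
    return p;
}

/* Strategy B: every read-only item is allocated on demand and chained. */
typedef struct rodata_chunk {
    struct rodata_chunk *next;
    size_t size;
    unsigned char data[];   /* C99 flexible array member */
} rodata_chunk;

typedef struct {
    rodata_chunk *head;
    size_t chunks;
    size_t bytes;
} rodata_chain;

/* No capacity to get wrong: each request gets exactly what it asks for. */
static unsigned char *rodata_chain_reserve(rodata_chain *c, size_t n)
{
    rodata_chunk *k = malloc(sizeof *k + n);
    if (k == NULL)
        return NULL;
    k->next = c->head;
    k->size = n;
    c->head = k;
    c->chunks++;
    c->bytes += n;
    return k->data;
}

/* Released as a unit together with the compiled pattern. */
static void rodata_chain_free(rodata_chain *c)
{
    while (c->head != NULL) {
        rodata_chunk *next = c->head->next;
        free(c->head);
        c->head = next;
    }
    c->chunks = c->bytes = 0;
}

/* Constructed workload (assumption): one 32-byte table per alternative of
 * (?:a|b|c|d|e) plus one more table for the (?R) recursion entry. */
static const size_t REQUESTS[] = { 32, 32, 32, 32, 32, 32 };
#define NREQ (sizeof REQUESTS / sizeof REQUESTS[0])

/* An estimate that counts the alternatives but forgets the recursion. */
static size_t naive_estimate(void) { return 5 * 32; }

/* How many requests a single buffer of this capacity satisfies; below NREQ
 * means an unchecked generator would have overflowed at that request. */
static size_t run_single_buffer(size_t capacity)
{
    unsigned char *mem = malloc(capacity);
    single_buffer b = { mem, capacity, 0 };
    size_t i;
    if (mem == NULL)
        return 0;
    for (i = 0; i < NREQ; i++) {
        unsigned char *p = single_buffer_reserve(&b, REQUESTS[i]);
        if (p == NULL)
            break;
        memset(p, 0xAA, REQUESTS[i]);   /* stand-in for the emitted table */
    }
    free(mem);
    return i;
}

/* Bytes the chain handed out for the same workload (0 on malloc failure). */
static size_t run_chain(size_t *chunks_out)
{
    rodata_chain c = { NULL, 0, 0 };
    size_t bytes;
    for (size_t i = 0; i < NREQ; i++) {
        unsigned char *p = rodata_chain_reserve(&c, REQUESTS[i]);
        if (p == NULL) { rodata_chain_free(&c); return 0; }
        memset(p, 0xAA, REQUESTS[i]);
    }
    bytes = c.bytes;
    if (chunks_out != NULL)
        *chunks_out = c.chunks;
    rodata_chain_free(&c);
    return bytes;
}

static size_t run_chain_chunks(void) { size_t n = 0; run_chain(&n); return n; }

int main(void)
{
    size_t est = naive_estimate(), fit = run_single_buffer(est);
    size_t bytes = run_chain(NULL), chunks = run_chain_chunks();
    printf("single buffer of %zu bytes: %zu of %zu requests fit\n", est, fit, NREQ);
    printf("chain: %zu bytes in %zu chunks, nothing to overflow\n", bytes, chunks);
    return 0;
}
```

With the constructed workload the single buffer sized by the naive estimate satisfies only five of the six requests; the sixth is exactly the request a size computation that mishandles recursion would miss. The chain has no precomputed capacity, so a wrong estimate cannot exist, at the cost of one allocation per item and of the generated code addressing each table through its own pointer rather than an offset into one block.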