[pcre-dev] [Bug 1638] PCRE Library Call Stack Overflow Vulne…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1638] PCRE Library Call Stack Overflow Vulnerability in match()
https://bugs.exim.org/show_bug.cgi?id=1638

Zoltan Herczeg <hzmester@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hzmester@???


--- Comment #1 from Zoltan Herczeg <hzmester@???> ---
The PCRE interpreter uses the stack for recursion, and the machine stack can be
exhausted with well-crafted patterns (those awful left-recursive
(?BracketIndex) recursions...). The general solution is correctly setting
match_limit_recursion. PHP should _really_ do this.

However, this particular pattern revealed a bug in the zero-length recursion
detector:

re> /^(?:(?(1)x|)+)+$()/B

------------------------------------------------------------------
  0  33 Bra
  3     ^
  4  17 Bra
  7   8 SCond
 10   1 Cond ref
 13     x
 15   3 Alt
 18  11 KetRmax
 21  17 KetRmax
 24     $
 25   5 CBra 1
 30   5 Ket
 33  33 Ket
 36     End
------------------------------------------------------------------


The second Bra (after 4 17) should be SBra.

Anyway, the serious problem is not setting the match_limit_recursion correctly.

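
The mechanism described in the comment above, as an added example (not part of the original message and not PCRE code): a toy recursive backtracking matcher whose depth cap plays the role of match_limit_recursion, turning stack growth that scales with the input into an error return. All toy_* names and TOY_* codes are hypothetical; with the real library the caller sets match_limit_recursion in the pcre_extra block and checks pcre_exec() for PCRE_ERROR_RECURSIONLIMIT.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this toy matcher (not PCRE's values). */
enum { TOY_MATCH = 1, TOY_NOMATCH = 0, TOY_ERR_RECURSIONLIMIT = -1 };

typedef struct {
    unsigned long limit;    /* plays the role of match_limit_recursion */
    unsigned long deepest;  /* deepest nesting level actually entered */
} toy_ctx;

/* Backtracking matcher for literals, '.' and postfix '*', anchored at both
   ends. Each consumed character costs one stack frame, so nesting depth
   grows with the subject length unless the limit stops it. */
static int toy_match(const char *p, const char *s, unsigned long depth, toy_ctx *ctx)
{
    if (depth > ctx->limit) return TOY_ERR_RECURSIONLIMIT;  /* refuse to go deeper */
    if (depth > ctx->deepest) ctx->deepest = depth;
    if (*p == '\0') return *s == '\0' ? TOY_MATCH : TOY_NOMATCH;
    int here = *s != '\0' && (*p == '.' || *p == *s);
    if (p[1] == '*') {
        if (here) {  /* greedy: consume one character, stay on the same item */
            int rc = toy_match(p, s + 1, depth + 1, ctx);
            if (rc != TOY_NOMATCH) return rc;  /* a match or the limit error propagates */
        }
        return toy_match(p + 2, s, depth + 1, ctx);  /* backtrack: skip the starred item */
    }
    return here ? toy_match(p + 1, s + 1, depth + 1, ctx) : TOY_NOMATCH;
}

/* Run the matcher with a recursion cap; reports the deepest level reached. */
int toy_exec(const char *pattern, const char *subject, unsigned long limit, unsigned long *deepest)
{
    toy_ctx ctx = { limit, 0 };
    int rc = toy_match(pattern, subject, 0, &ctx);
    if (deepest) *deepest = ctx.deepest;
    return rc;
}

int main(void)
{
    static char subj[100001];            /* constructed input: 100000 'a's */
    unsigned long d = 0;
    memset(subj, 'a', sizeof subj - 1);
    int rc = toy_exec("a*b", subj, 1000, &d);
    printf("rc=%d deepest=%lu\n", rc, d);
    return 0;
}
```

The caller has to treat the limit error as its own outcome, distinct from "no match", so that an input that trips the cap is rejected rather than silently accepted as a non-match.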