[pcre-dev] [Bug 1638] PCRE Library Call Stack Overflow Vulne…

Top Pagina
Delete this message
Auteur: admin
Datum:  
Aan: pcre-dev
Onderwerp: [pcre-dev] [Bug 1638] PCRE Library Call Stack Overflow Vulnerability in match()
https://bugs.exim.org/show_bug.cgi?id=1638

Zoltan Herczeg <hzmester@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hzmester@???


--- Comment #1 from Zoltan Herczeg <hzmester@???> ---
The PCRE interpreter uses stack for recursion, and the machine stack can be
exhausted with well crafted patterns (those awful left recursive
(?BracketIndex) recursions...). The general solution is correctly setting
match_limit_recursion. PHP should _really_ do this.

However, this particular pattern revealed a bug in the zero length recursion
detector:

re> /^(?:(?(1)x|)+)+$()/B

------------------------------------------------------------------
  0  33 Bra
  3     ^
  4  17 Bra
  7   8 SCond
 10   1 Cond ref
 13     x
 15   3 Alt
 18  11 KetRmax
 21  17 KetRmax
 24     $
 25   5 CBra 1
 30   5 Ket
 33  33 Ket
 36     End
------------------------------------------------------------------


The second Bra (after 4 17) should be SBra.

Anyway, the serious problem is not setting the match_limit_recursion correctly.

--
You are receiving this mail because:
You are on the CC list for the bug.