[pcre-dev] [Bug 1638] PCRE Library Call Stack Overflow Vulne…

Page principale
Supprimer ce message
Auteur: admin
Date:  
À: pcre-dev
Sujet: [pcre-dev] [Bug 1638] PCRE Library Call Stack Overflow Vulnerability in match()
https://bugs.exim.org/show_bug.cgi?id=1638

--- Comment #4 from Zoltan Herczeg <hzmester@???> ---
> It does not seem to be a problem of PHP.


Trust me it is.

It is true, that you found a bug in PCRE, but the stack overflow is caused by
not setting the match_limit_recursion variable. This variable limits the depth
of pcre stack recursion.

Consider the following pattern:

/((){4096}a)+/

For each 'a', it allocates around a megabyte of stack. PCRE has no idea about
the available stack size without external help, so it does what you ask it to
do: allocates stack.

Match this to a long sequence of 'a'-s. You get the same stack error.

PHP devs want to push this back to the user: "One should really not feed pcre
with custom inputs :)". Don't execute user stuff is not the best viewpoint
about security, but several projects follows this approach. You can likely
cause stack overflow with recursive calls in php as well.

JIT is probably the best answer for all stack errors. It uses an own memory
space for recursion, and never leaves that space.

--
You are receiving this mail because:
You are on the CC list for the bug.