https://bugs.exim.org/show_bug.cgi?id=1703
Bug ID: 1703
Summary: global-buffer-overflow in compile_branch src/pcre2_compile.c:3700
Product: PCRE
Version: 10.20 (PCRE2)
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: kcc@???
CC: pcre-dev@???
Build with asan and feed this data into regcomp:
{0x28,0x2a,0x55,0x43,0x50,0x29,0x24,0x5b,0x5b,0x3a,0x3c,0x3a,0x5d,0x5d,}
==9371==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000060a849 at pc 0x00000051d036 bp 0x7ffedaad50f0 sp 0x7ffedaad50e8
READ of size 1 at 0x00000060a849 thread T0
    #0 0x51d035 in compile_branch src/pcre2_compile.c:3700:7
    #1 0x4f16a8 in compile_regex src/pcre2_compile.c:7349:8
    #2 0x4eb4bb in pcre2_compile_8 src/pcre2_compile.c:8303:7
    #3 0x5e4d96 in regcomp src/pcre2posix.c:219:23
0x00000060a849 is located 0 bytes to the right of global variable 'sub_start_of_word' defined in 'src/pcre2_compile.c:389:26' (0x60a840) of size 9
'sub_start_of_word' is ascii string '\b(?=\w)'
Found with libFuzzer+AddressSanitizer.
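A triage aid for the report above, added here as an example and not part of the original bug report or of PCRE2: it decodes the reproducer bytes into the pattern text and cross-checks the addresses in the AddressSanitizer output. The function names decode_input and parse_asan are hypothetical; the embedded strings are copied from the report.

```python
import re

# Sample data copied from the bug report above (assumption: lines re-joined as ASan prints them).
INPUT_BYTES = "{0x28,0x2a,0x55,0x43,0x50,0x29,0x24,0x5b,0x5b,0x3a,0x3c,0x3a,0x5d,0x5d,}"
ASAN_REPORT = """\
==9371==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000060a849 at pc 0x00000051d036 bp 0x7ffedaad50f0 sp 0x7ffedaad50e8
READ of size 1 at 0x00000060a849 thread T0
    #0 0x51d035 in compile_branch src/pcre2_compile.c:3700:7
    #1 0x4f16a8 in compile_regex src/pcre2_compile.c:7349:8
    #2 0x4eb4bb in pcre2_compile_8 src/pcre2_compile.c:8303:7
    #3 0x5e4d96 in regcomp src/pcre2posix.c:219:23
0x00000060a849 is located 0 bytes to the right of global variable 'sub_start_of_word' defined in 'src/pcre2_compile.c:389:26' (0x60a840) of size 9
"""

def decode_input(c_array):
    """Turn the C byte-array literal into the pattern text passed to regcomp."""
    return bytes(int(b, 16) for b in re.findall(r"0x[0-9a-fA-F]{2}", c_array)).decode("ascii")

def parse_asan(report):
    """Extract the triage fields from a global-buffer-overflow report."""
    head = re.search(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", report)
    acc = re.search(r"(READ|WRITE) of size (\d+)", report)
    glob = re.search(r"located (\d+) bytes to the (right|left) of global variable "
                     r"'([^']+)' defined in '([^']+)' \((0x[0-9a-f]+)\) of size (\d+)", report)
    frames = re.findall(r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)", report)
    if not (head and acc and glob):
        raise ValueError("not a global-buffer-overflow report in the expected shape")
    fault, base, size = int(head.group(2), 16), int(glob.group(5), 16), int(glob.group(6))
    return {
        "kind": head.group(1),
        "access": (acc.group(1), int(acc.group(2))),
        "global": glob.group(3),
        "defined_at": glob.group(4),
        "offset_in_global": fault - base,       # index the faulting read used
        "past_end_by": fault - (base + size),   # 0 = first byte after the object
        "consistent": int(glob.group(1)) == fault - (base + size),
        "frames": [(fn, loc) for _, fn, loc in frames],
    }

if __name__ == "__main__":
    print("pattern:", decode_input(INPUT_BYTES))
    for key, value in parse_asan(ASAN_REPORT).items():
        print(f"{key}: {value}")
```

The computed offset of 9 into a 9-byte object is the byte immediately after the terminating NUL of the substitution string, which matches ASan's "0 bytes to the right".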