[pcre-dev] [Bug 1703] New: global-buffer-overflow in compile…

Author: admin
To: pcre-dev
Subject: [pcre-dev] [Bug 1703] New: global-buffer-overflow in compile_branch src/pcre2_compile.c:3700
https://bugs.exim.org/show_bug.cgi?id=1703

            Bug ID: 1703
           Summary: global-buffer-overflow in compile_branch
                    src/pcre2_compile.c:3700
           Product: PCRE
           Version: 10.20 (PCRE2)
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: kcc@???
                CC: pcre-dev@???


Build with asan and feed this data into regcomp:
{0x28,0x2a,0x55,0x43,0x50,0x29,0x24,0x5b,0x5b,0x3a,0x3c,0x3a,0x5d,0x5d,}

==9371==ERROR: AddressSanitizer: global-buffer-overflow on address
0x00000060a849 at pc 0x00000051d036 bp 0x7ffedaad50f0 sp 0x7ffedaad50e8
READ of size 1 at 0x00000060a849 thread T0
    #0 0x51d035 in compile_branch src/pcre2_compile.c:3700:7
    #1 0x4f16a8 in compile_regex src/pcre2_compile.c:7349:8
    #2 0x4eb4bb in pcre2_compile_8 src/pcre2_compile.c:8303:7
    #3 0x5e4d96 in regcomp src/pcre2posix.c:219:23


0x00000060a849 is located 0 bytes to the right of global variable
'sub_start_of_word' defined in 'src/pcre2_compile.c:389:26' (0x60a840) of size 9
'sub_start_of_word' is ascii string '\b(?=\w)'


Found with libFuzzer+AddressSanitizer.
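The reproduction step above (decode the fuzzer's byte listing, hand it to the compiler) as an added Python harness; this is not part of the bug report or of PCRE2. It assumes a system libpcre2-8 (reached through ctypes; `pcre2_compile_8` and `pcre2_code_free_8` are the library's real exported names) and renders the pattern as a `pcre2test` input line so it can be replayed against an ASan-instrumented build.

```python
import ctypes
import ctypes.util

# Byte list exactly as posted in the report (the libFuzzer crash input).
CRASH_BYTES = [0x28, 0x2a, 0x55, 0x43, 0x50, 0x29, 0x24,
               0x5b, 0x5b, 0x3a, 0x3c, 0x3a, 0x5d, 0x5d]


def decode_fuzzer_bytes(values):
    """Turn a libFuzzer/ASan byte listing into the raw pattern bytes."""
    return bytes(values)


def pcre2test_line(pattern):
    """Render the pattern as a pcre2test input line ('/' delimited, with
    any literal '/' escaped) for replay under an ASan build."""
    text = pattern.decode("latin-1").replace("/", "\\/")
    return "/" + text + "/"


def try_compile(pattern, options=0):
    """Compile `pattern` through libpcre2-8 via ctypes.

    Returns (ok, error_code, error_offset), or None when the shared
    library is not installed. With an ASan-instrumented libpcre2 of the
    affected version the overflow aborts the process inside this call.
    """
    name = ctypes.util.find_library("pcre2-8")
    if name is None:
        return None
    lib = ctypes.CDLL(name)
    lib.pcre2_compile_8.restype = ctypes.c_void_p
    lib.pcre2_compile_8.argtypes = [ctypes.c_char_p, ctypes.c_size_t,
                                    ctypes.c_uint32,
                                    ctypes.POINTER(ctypes.c_int),
                                    ctypes.POINTER(ctypes.c_size_t),
                                    ctypes.c_void_p]
    lib.pcre2_code_free_8.argtypes = [ctypes.c_void_p]
    err = ctypes.c_int(0)
    off = ctypes.c_size_t(0)
    code = lib.pcre2_compile_8(pattern, len(pattern), options,
                               ctypes.byref(err), ctypes.byref(off), None)
    if code:
        lib.pcre2_code_free_8(code)
        return (True, 0, 0)
    return (False, err.value, off.value)


if __name__ == "__main__":
    pat = decode_fuzzer_bytes(CRASH_BYTES)
    print(pcre2test_line(pat))   # /(*UCP)$[[:<:]]/
    print(try_compile(pat))
```

The decoded pattern is `(*UCP)$[[:<:]]`, which matches the report: `[[:<:]]` is the POSIX start-of-word class that PCRE2 rewrites to the `sub_start_of_word` string `\b(?=\w)` named in the ASan output.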
