https://bugs.exim.org/show_bug.cgi?id=1704
Bug ID: 1704
Summary: heap-buffer-overflow in compile_branch src/pcre2_compile.c:6323
Product: PCRE
Version: 10.20 (PCRE2)
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: kcc@???
CC: pcre-dev@???
Found with libFuzzer+AddressSanitizer on fresh trunk
Feed the following bytes into regcomp with REG_NOSUB:
0x20,0xc0,0x60,0x27,0x33,0x28,0x28,0x70,0x28,0x3f,0x27,0x4b,
==27230==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000498f5 at pc 0x00000051cae3 bp 0x7ffd3a848c90 sp 0x7ffd3a848c88
READ of size 1 at 0x6040000498f5 thread T0
#0 0x51cae2 in compile_branch src/pcre2_compile.c:6323:16
#1 0x4f1d7c in compile_regex src/pcre2_compile.c:7369:8
#2 0x5164bf in compile_branch src/pcre2_compile.c:6714:10
#3 0x4f1d7c in compile_regex src/pcre2_compile.c:7369:8
#4 0x5164bf in compile_branch src/pcre2_compile.c:6714:10
#5 0x4f1d7c in compile_regex src/pcre2_compile.c:7369:8
#6 0x4ec154 in pcre2_compile_8 src/pcre2_compile.c:8323:7
#7 0x5d8bc5 in regcomp src/pcre2posix.c:219:23
#8 0x4d59f6 in LLVMFuzzerTestOneInput
(The buffer is the one passed to regcomp)
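Added example (not part of the bug report and not PCRE2 project code): a minimal libFuzzer-style harness that replays the twelve reported bytes through PCRE2's POSIX regcomp() with REG_NOSUB. The detail worth copying is the make_pattern() step: regcomp() wants a NUL-terminated string, and copying the fuzzer's byte slice into a heap buffer of exactly len+1 bytes is what lets ASan attribute a read past the terminator to "the buffer passed to regcomp", as in the report above. The build macros WITH_PCRE2 and REPLAY_MAIN and the function names are this example's own choices.

```c
/*
 * Added example, not from the bug report or from PCRE2 itself.
 *
 * Build as a libFuzzer target against PCRE2's POSIX wrapper:
 *   clang -g -O1 -fsanitize=address,fuzzer -DWITH_PCRE2 repro.c -lpcre2-posix
 *
 * Or replay just the reported crash input under ASan:
 *   clang -g -O1 -fsanitize=address -DWITH_PCRE2 -DREPLAY_MAIN repro.c -lpcre2-posix
 *
 * Without -DWITH_PCRE2 the regcomp() call is compiled out, so the helpers
 * can still be built and checked on a machine that has no PCRE2 installed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef WITH_PCRE2
#include <pcre2posix.h>   /* PCRE2's regcomp/regfree, not libc's <regex.h> */
#endif

/* The crash input from the report, as raw bytes (no terminating NUL). */
static const uint8_t kCrashInput[] = {
    0x20, 0xc0, 0x60, 0x27, 0x33, 0x28, 0x28, 0x70, 0x28, 0x3f, 0x27, 0x4b,
};

/*
 * regcomp() takes a NUL-terminated pattern, but libFuzzer hands us an
 * arbitrary byte slice.  Copy it into a heap buffer of exactly len+1 bytes
 * so that (a) the pattern is properly terminated and (b) any read past the
 * terminator lands in an ASan redzone and is reported as a
 * heap-buffer-overflow on this buffer.  Caller frees the result.
 */
char *make_pattern(const uint8_t *data, size_t len) {
    char *pat = malloc(len + 1);
    if (pat == NULL) return NULL;
    memcpy(pat, data, len);
    pat[len] = '\0';
    return pat;
}

/* 1 if the slice contains a NUL, which would silently truncate the pattern. */
int has_embedded_nul(const uint8_t *data, size_t len) {
    return memchr(data, 0, len) != NULL;
}

/*
 * Compile one pattern with REG_NOSUB.  Returns the regcomp() status
 * (0 on success, REG_* error code otherwise), or -1 when built without
 * PCRE2 or when allocation fails.
 */
int compile_one(const uint8_t *data, size_t len) {
    char *pat = make_pattern(data, len);
    if (pat == NULL) return -1;
    int rc = -1;
#ifdef WITH_PCRE2
    regex_t re;
    rc = regcomp(&re, pat, REG_NOSUB);
    if (rc == 0) regfree(&re);
#endif
    free(pat);
    return rc;
}

/* libFuzzer entry point: one compile per input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    /* Inputs with an embedded NUL only exercise the prefix; skip them. */
    if (has_embedded_nul(data, size)) return 0;
    (void)compile_one(data, size);
    return 0;
}

#ifdef REPLAY_MAIN
int main(void) {
    int rc = compile_one(kCrashInput, sizeof kCrashInput);
    printf("regcomp returned %d\n", rc);
    return 0;
}
#endif
```

Do not include libc's <regex.h> alongside pcre2posix.h: both declare regcomp(), and the point of the harness is to reach the wrapper in src/pcre2posix.c rather than glibc's compiler. On a build of trunk with the fix, the replay should return a nonzero REG_* status without an ASan report; on 10.20 it should reproduce the READ of size 1 in compile_branch shown in the trace above.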