[pcre-dev] [Bug 1705] heap-buffer-overflow in match src/pcre…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1705] heap-buffer-overflow in match src/pcre2_match.c:3321:20
https://bugs.exim.org/show_bug.cgi?id=1705

--- Comment #5 from Giuseppe D'Angelo <dangelog@???> ---
Isn't there a way either to just know (via full_info) if there's a \C in the
pattern? Could it be possible to add it, if not?

(My understanding is that by NOT knowing it, it means that in order to do
global match safely, one must always fully rescan the subject string at the
given starting offset for UTF validity.

A previous match with a \C could've left us with a starting offset in the
middle of a UTF8/16 code point. Since PCRE scans the entire subject string
after the offset -- plus the lookbehind --, this will be very expensive; or,
we'll need to do the check in client code.

With the flag at least one could do the rescan / check the start of the match
only iff a \C is in the pattern. Am I thinking wrong?)

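The client-side check the comment mentions, as an added example that is not part of the original message or of PCRE: assuming the subject was validated as UTF once before the global-match loop, the loop can test in constant time whether the next starting offset falls inside a code point instead of rescanning the subject. All function names and sample data here are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed samples: "a", U+20AC (3 bytes), "b" in UTF-8;
 * "a", U+1F600 (surrogate pair), "b" in UTF-16. */
static const uint8_t  sample_utf8[]  = { 0x61, 0xE2, 0x82, 0xAC, 0x62 };
static const uint16_t sample_utf16[] = { 0x0061, 0xD83D, 0xDE00, 0x0062 };

/* Returns 1 if `offset` is a safe starting offset in a UTF-8 subject:
 * in range and not on a continuation byte (10xxxxxx). */
int utf8_offset_is_boundary(const uint8_t *s, size_t len, size_t offset)
{
    if (offset > len) return 0;      /* out of range is never safe */
    if (offset == len) return 1;     /* end of subject is a boundary */
    return (s[offset] & 0xC0) != 0x80;
}

/* Same check for UTF-16 code units: a low surrogate (0xDC00..0xDFFF)
 * is the second half of a pair, so it is mid code point. */
int utf16_offset_is_boundary(const uint16_t *s, size_t len, size_t offset)
{
    if (offset > len) return 0;
    if (offset == len) return 1;
    return (s[offset] & 0xFC00) != 0xDC00;
}

/* Move a UTF-8 offset forward to the next code point boundary.
 * Never reads past `len`; returns `len` if no boundary is found. */
size_t utf8_next_boundary(const uint8_t *s, size_t len, size_t offset)
{
    if (offset > len) return len;
    while (offset < len && (s[offset] & 0xC0) == 0x80)
        offset++;
    return offset;
}

int main(void)
{
    /* Offset 2 is inside U+20AC; the next safe offset is 4. */
    size_t next = utf8_next_boundary(sample_utf8, sizeof sample_utf8, 2);
    int ok = !utf8_offset_is_boundary(sample_utf8, sizeof sample_utf8, 2)
          && next == 4
          && !utf16_offset_is_boundary(sample_utf16, 4, 2);
    return ok ? 0 : 1;
}
```
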