[pcre-dev] [Bug 1735] New: heap-buffer-overflow in compile_b…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1735] New: heap-buffer-overflow in compile_branch pcre2_compile.c:5550:14
https://bugs.exim.org/show_bug.cgi?id=1735

            Bug ID: 1735
           Summary: heap-buffer-overflow in compile_branch
                    pcre2_compile.c:5550:14
           Product: PCRE
           Version: N/A
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: kcc@???
                CC: pcre-dev@???


Found with libFuzzer+AddressSanitizer on fresh trunk.
The target function is the same as in bug 1724.

The failure also looks similar, but appears after the fix.

==30512==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61d00000d99c at pc 0x000000528eb4 bp 0x7ffc2548f3f0 sp 0x7ffc2548f3e8
READ of size 1 at 0x61d00000d99c thread T0
    #0 0x528eb3 in compile_branch pcre2_compile.c:5550:14
    #1 0x4fdbf4 in compile_regex pcre2_compile.c:7596:8
    #2 0x4f8ac1 in pcre2_compile_8 pcre2_compile.c:8679:7
    #3 0x4de4ee in LLVMFuzzerTestOneInput


0x61d00000d99c is located 100 bytes to the left of 176-byte region
[0x61d00000da00,0x61d00000dab0)
allocated by thread T0 here:
    #0 0x4b22eb in malloc 
    #1 0x4f7dc6 in pcre2_compile_8 pcre2_compile.c:8585:3
    #2 0x4de4ee in LLVMFuzzerTestOneInput


Input: 0x28,0x29,0x5c,0x51,0x5c,0x45,0x2a,0x5d
