https://bugs.exim.org/show_bug.cgi?id=1735
Bug ID: 1735
Summary: heap-buffer-overflow in compile_branch pcre2_compile.c:5550:14
Product: PCRE
Version: N/A
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: kcc@???
CC: pcre-dev@???
Found with libFuzzer+AddressSanitizer on a fresh trunk.
The target function is the same as in bug 1724.
The failure also looks similar, but appears after the fix.
==30512==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d00000d99c at pc 0x000000528eb4 bp 0x7ffc2548f3f0 sp 0x7ffc2548f3e8
READ of size 1 at 0x61d00000d99c thread T0
#0 0x528eb3 in compile_branch pcre2_compile.c:5550:14
#1 0x4fdbf4 in compile_regex pcre2_compile.c:7596:8
#2 0x4f8ac1 in pcre2_compile_8 pcre2_compile.c:8679:7
#3 0x4de4ee in LLVMFuzzerTestOneInput
0x61d00000d99c is located 100 bytes to the left of 176-byte region [0x61d00000da00,0x61d00000dab0)
allocated by thread T0 here:
#0 0x4b22eb in malloc
#1 0x4f7dc6 in pcre2_compile_8 pcre2_compile.c:8585:3
#2 0x4de4ee in LLVMFuzzerTestOneInput
Input: 0x28,0x29,0x5c,0x51,0x5c,0x45,0x2a,0x5d