https://bugs.exim.org/show_bug.cgi?id=1736
Bug ID: 1736
Summary: heap-buffer-overflow in compile_regex pcre2_compile.c:7729
Product: PCRE
Version: N/A
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: kcc@???
CC: pcre-dev@???
Found with libFuzzer+AddressSanitizer on fresh trunk.
The target function is the same as in bug 1724.
==33178==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d00000c687 at pc 0x000000500443 bp 0x7fff07a93b30 sp 0x7fff07a93b28
WRITE of size 1 at 0x61d00000c687 thread T0
#0 0x500442 in compile_regex pcre2_compile.c:7729:5
#1 0x4f8ac1 in pcre2_compile_8 pcre2_compile.c:8679:7
#2 0x4de4ee in LLVMFuzzerTestOneInput
0x61d00000c687 is located 0 bytes to the right of 135-byte region [0x61d00000c600,0x61d00000c687)
allocated by thread T0 here:
#0 0x4b22eb in malloc
#1 0x4f7dc6 in pcre2_compile_8 pcre2_compile.c:8585:3
#2 0x4de4ee in LLVMFuzzerTestOneInput
Input: 0x9,0x28,0x3f,0x73,0x2d,0x2d,0x78,0x29,0x29,