[pcre-dev] [Bug 1736] New: heap-buffer-overflow in compile_r…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1736] New: heap-buffer-overflow in compile_regex pcre2_compile.c:7729
https://bugs.exim.org/show_bug.cgi?id=1736

            Bug ID: 1736
           Summary: heap-buffer-overflow in compile_regex
                    pcre2_compile.c:7729
           Product: PCRE
           Version: N/A
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: kcc@???
                CC: pcre-dev@???


Found with libFuzzer+AddressSanitizer on fresh trunk.
The target function is the same as in bug 1724.

==33178==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d00000c687 at pc 0x000000500443 bp 0x7fff07a93b30 sp 0x7fff07a93b28
WRITE of size 1 at 0x61d00000c687 thread T0
    #0 0x500442 in compile_regex pcre2_compile.c:7729:5
    #1 0x4f8ac1 in pcre2_compile_8 pcre2_compile.c:8679:7
    #2 0x4de4ee in LLVMFuzzerTestOneInput

0x61d00000c687 is located 0 bytes to the right of 135-byte region [0x61d00000c600,0x61d00000c687)
allocated by thread T0 here:
    #0 0x4b22eb in malloc
    #1 0x4f7dc6 in pcre2_compile_8 pcre2_compile.c:8585:3
    #2 0x4de4ee in LLVMFuzzerTestOneInput

Input: 0x9,0x28,0x3f,0x73,0x2d,0x2d,0x78,0x29,0x29,

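The report gives the crashing input only as a list of hex bytes. The harness below is an added example, not the reporter's fuzz target and not PCRE2 project code: it decodes that list into the raw pattern (the nine bytes spell out a tab followed by `(?s--x))`) and feeds it to pcre2_compile() the way a libFuzzer target for that function would. It assumes the byte list is the complete pattern handed to pcre2_compile() with options 0 and a NULL compile context, since the trace only shows LLVMFuzzerTestOneInput calling pcre2_compile_8 and the reporter's exact options are not on the page. The names decode_hex_list, decoded_matches, escaped_from_list, compile_pattern and the HAVE_PCRE2/FUZZ_BUILD macros are this example's own.

```c
/* Added example: reproduce bug 1736's input against pcre2_compile().
 * Not the reporter's harness and not part of PCRE2. Build to reproduce:
 *   clang -g -fsanitize=address -DHAVE_PCRE2 repro.c -lpcre2-8
 * against a PCRE2 trunk that was itself built with -fsanitize=address.
 * Without -DHAVE_PCRE2 only the decoding part is compiled. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef HAVE_PCRE2
#define PCRE2_CODE_UNIT_WIDTH 8
#include <pcre2.h>
#endif

/* The "Input:" byte list exactly as it appears in the bug report. */
static const char BUG_1736_INPUT[] =
    "0x9,0x28,0x3f,0x73,0x2d,0x2d,0x78,0x29,0x29,";

/* Parse a comma-separated list of hex byte literals ("0x9,0x28,...") into
 * raw bytes. Tolerates whitespace and a trailing comma. Returns the number
 * of bytes written, or (size_t)-1 on a malformed token or a full buffer. */
size_t decode_hex_list(const char *list, uint8_t *out, size_t cap)
{
    size_t n = 0;
    const char *p = list;
    while (*p) {
        while (*p == ' ' || *p == '\t' || *p == '\n' || *p == ',') p++;
        if (!*p) break;
        char *end;
        unsigned long v = strtoul(p, &end, 16);   /* base 16 accepts "0x" */
        if (end == p || v > 0xff || n == cap) return (size_t)-1;
        out[n++] = (uint8_t)v;
        p = end;
    }
    return n;
}

/* 1 if the list decodes to exactly the given bytes, else 0. */
int decoded_matches(const char *list, const void *expected, size_t len)
{
    uint8_t pat[64];
    size_t n = decode_hex_list(list, pat, sizeof pat);
    return n != (size_t)-1 && n == len && memcmp(pat, expected, len) == 0;
}

/* Render the decoded pattern printably (non-printable bytes and backslash
 * as \xNN) into a static buffer; NULL if the list is malformed. */
const char *escaped_from_list(const char *list)
{
    static char buf[256];
    uint8_t pat[64];
    size_t n = decode_hex_list(list, pat, sizeof pat), o = 0;
    if (n == (size_t)-1) return NULL;
    for (size_t i = 0; i < n && o + 5 < sizeof buf; i++) {
        if (pat[i] >= 0x20 && pat[i] < 0x7f && pat[i] != '\\')
            buf[o++] = (char)pat[i];
        else
            o += (size_t)snprintf(buf + o, sizeof buf - o, "\\x%02x", pat[i]);
    }
    buf[o] = '\0';
    return buf;
}

/* Compile one pattern as a fuzz target for pcre2_compile() would (assumed:
 * options 0, NULL compile context). Returns 0 if the pattern compiled,
 * 1 if pcre2_compile() reported an error, -1 if built without HAVE_PCRE2.
 * For the bug 1736 input the overflow fires inside pcre2_compile() itself,
 * so with ASan no return value is ever reached. */
int compile_pattern(const uint8_t *data, size_t size)
{
#ifdef HAVE_PCRE2
    int errorcode = 0;
    PCRE2_SIZE erroroffset = 0;
    pcre2_code *re = pcre2_compile((PCRE2_SPTR)data, (PCRE2_SIZE)size, 0,
                                   &errorcode, &erroroffset, NULL);
    if (re == NULL) {
        PCRE2_UCHAR msg[128];
        pcre2_get_error_message(errorcode, msg, sizeof msg);
        fprintf(stderr, "pcre2_compile: %s at offset %zu\n",
                (char *)msg, (size_t)erroroffset);
        return 1;
    }
    pcre2_code_free(re);
    return 0;
#else
    (void)data; (void)size;
    return -1;
#endif
}

/* libFuzzer entry point; build with -DFUZZ_BUILD -fsanitize=fuzzer,address
 * to fuzz pcre2_compile() the same way instead of replaying one input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    compile_pattern(data, size);
    return 0;
}

#ifndef FUZZ_BUILD
int main(void)
{
    uint8_t pat[64];
    size_t n = decode_hex_list(BUG_1736_INPUT, pat, sizeof pat);
    if (n == (size_t)-1) { fputs("malformed input list\n", stderr); return 2; }
    printf("pattern (%zu bytes): \"%s\"\n", n, escaped_from_list(BUG_1736_INPUT));
    if (compile_pattern(pat, n) < 0)
        fputs("built without -DHAVE_PCRE2; pattern not compiled\n", stderr);
    return 0;
}
#endif
```

The write in the trace happens inside compile_regex() in pcre2_compile.c, so AddressSanitizer must be enabled for the PCRE2 library build as well, not only for this harness: ASan only instruments the memory accesses in code compiled with it, and a harness linked against an uninstrumented distro libpcre2-8 will not report the one-byte overflow shown in the report.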