https://bugs.exim.org/show_bug.cgi?id=1738
Bug ID: 1738
Summary: heap-buffer-overflow in compile_branch pcre2_compile.c:6412 and pcre2_compile.c:6579
Product: PCRE
Version: N/A
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: kcc@???
CC: pcre-dev@???
Found with libFuzzer+AddressSanitizer on fresh trunk
The target function is the same as in bug 1724
(with PCRE2_NO_UTF_CHECK masked out)
Two slightly different reports:
==25200==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60700000d656 at pc 0x000000527e51 bp 0x7fffb1bacaf0 sp 0x7fffb1bacae8
READ of size 1 at 0x60700000d656 thread T0
#0 0x527e50 in compile_branch pcre2_compile.c:6579:16
#1 0x4fdc04 in compile_regex pcre2_compile.c:7614:8
#2 0x4f7c0b in pcre2_compile_8 pcre2_compile.c:8584:7
#3 0x4de4fc in LLVMFuzzerTestOneInput
Input:
0x8a,0x2b,0x66,0x7c,0x3b,0x54,0x3f,0x28,0x2a,0x3a,0x3b,0x2e,0x27,0x3f,0x60,0x28,0xea,0x70,0x20,0x29,0x7b,0x21,0x5b,0x5e,0x28,0x29,0x5c,0x68,0x21,0x79,0x2a,0x27,0x27,0x43,0x2a,0x28,0x3f,0x27,0x3b,0x5d,0x7b,0x31,0x3b,0x28,0x8,
==24455==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60800000bef7 at pc 0x000000527f38 bp 0x7ffe42376b50 sp 0x7ffe42376b48
READ of size 1 at 0x60800000bef7 thread T0
#0 0x527f37 in compile_branch pcre2_compile.c:6412:18
#1 0x4fdc04 in compile_regex pcre2_compile.c:7614:8
#2 0x4f7c0b in pcre2_compile_8 pcre2_compile.c:8584:7
#3 0x4de4fc in LLVMFuzzerTestOneInput
Input:
0x28,0x3f,0x3c,0x21,0x47,0x27,0x4d,0x72,0x28,0x3d,0x29,0x28,0x2a,0x3a,0x54,0x28,0x2a,0x25,0x28,0x28,0xc,0xba,0x21,0xa9,0x2d,0x3b,0x47,0xd,0x29,0x27,0x7a,0x5b,0x3a,0x27,0x27,0x28,0x5e,0x68,0x28,0x29,0x28,0x3f,0x3c,0x5d,0x3d,
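The two byte lists above are the raw fuzzer inputs; to replay them you need them as files, and to reason about them you need to see the pattern text. The following helper is an added example, not part of this bug report and not PCRE2 code: it parses the posted hex lists into bytes, writes them as crash files that a libFuzzer binary or any harness passing file contents to pcre2_compile can replay, renders each pattern with non-printable bytes escaped, and flags the bytes >= 0x80, since none of these inputs is valid UTF-8 (relevant whenever the harness compiles with PCRE2_UTF and the UTF check is left enabled, as the report says it was). The output file names are hypothetical.

```python
"""Reproducer helper for the two crash inputs in this report (added example,
not from the bug report or from PCRE2)."""
import os
import re
import tempfile

# Byte lists copied verbatim from the report, keyed by the crashing line.
INPUT_6579 = ("0x8a,0x2b,0x66,0x7c,0x3b,0x54,0x3f,0x28,0x2a,0x3a,0x3b,0x2e,0x27,0x3f,0x60,"
              "0x28,0xea,0x70,0x20,0x29,0x7b,0x21,0x5b,0x5e,0x28,0x29,0x5c,0x68,0x21,0x79,"
              "0x2a,0x27,0x27,0x43,0x2a,0x28,0x3f,0x27,0x3b,0x5d,0x7b,0x31,0x3b,0x28,0x8,")
INPUT_6412 = ("0x28,0x3f,0x3c,0x21,0x47,0x27,0x4d,0x72,0x28,0x3d,0x29,0x28,0x2a,0x3a,0x54,"
              "0x28,0x2a,0x25,0x28,0x28,0xc,0xba,0x21,0xa9,0x2d,0x3b,0x47,0xd,0x29,0x27,"
              "0x7a,0x5b,0x3a,0x27,0x27,0x28,0x5e,0x68,0x28,0x29,0x28,0x3f,0x3c,0x5d,0x3d,")

HEX_BYTE = re.compile(r"^0x[0-9a-fA-F]{1,2}$")


def decode_input(text: str) -> bytes:
    """Parse '0x8a,0x2b,...' (trailing comma allowed) into bytes.

    Every token must be a single byte literal; anything else (e.g. '0x100')
    is rejected so a mangled paste cannot silently produce a different input.
    """
    out = bytearray()
    for tok in text.split(","):
        tok = tok.strip()
        if not tok:
            continue  # trailing comma as posted
        if not HEX_BYTE.match(tok):
            raise ValueError(f"not a single-byte literal: {tok!r}")
        out.append(int(tok, 16))
    return bytes(out)


def render_pattern(data: bytes) -> str:
    """Printable ASCII as-is, everything else as \\xNN, so the regex is readable."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}" for b in data)


def non_ascii_offsets(data: bytes) -> list:
    """Offsets of bytes >= 0x80; in UTF mode these must form valid multibyte sequences."""
    return [i for i, b in enumerate(data) if b >= 0x80]


def valid_utf8(data: bytes) -> bool:
    """True only if the whole input decodes as UTF-8 (strict, no surrogates)."""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def write_reproducer(data: bytes, path: str) -> int:
    """Write the raw bytes to path and return the number of bytes written."""
    with open(path, "wb") as f:
        return f.write(data)


if __name__ == "__main__":
    outdir = tempfile.mkdtemp(prefix="pcre2-bug1738-")
    for name, text in (("crash-6579", INPUT_6579), ("crash-6412", INPUT_6412)):
        data = decode_input(text)
        path = os.path.join(outdir, name)  # hypothetical file name
        n = write_reproducer(data, path)
        print(f"{path}: {n} bytes, valid UTF-8: {valid_utf8(data)}, "
              f"non-ASCII at {non_ascii_offsets(data)}")
        print("  pattern:", render_pattern(data))
```

Replay each file with the same harness that produced the trace (for a libFuzzer build, pass the file path as the single argument); the rendered pattern shows why the lone 0x8a, 0xba and 0xa9 continuation bytes and the 0xea lead byte followed by a plain 'p' cannot pass a UTF-8 validity check.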