[pcre-dev] [Bug 1739] New: heap-buffer-overflow in compile_b…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1739] New: heap-buffer-overflow in compile_branch src/pcre2_compile.c:5056
https://bugs.exim.org/show_bug.cgi?id=1739

            Bug ID: 1739
           Summary: heap-buffer-overflow in compile_branch
                    src/pcre2_compile.c:5056
           Product: PCRE
           Version: N/A
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: kcc@???
                CC: pcre-dev@???


Found by the libfuzzer+AddressSanitizer bot,
see e.g. http://104.197.61.218/FAIL-2015-12-03-06-35-44.log
Looks like a recent regression.

==18460==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6060002207f7 at pc 0x00000052fc11 bp 0x7fff72b4f210 sp 0x7fff72b4f208
READ of size 1 at 0x6060002207f7 thread T0
    #0 0x52fc10 in compile_branch pcre2_compile.c:5056:20
    #1 0x506cfe in compile_regex pcre2_compile.c:7619:8
    #2 0x52a232 in compile_branch pcre2_compile.c:6970:10
    #3 0x506cfe in compile_regex pcre2_compile.c:7619:8
    #4 0x52a232 in compile_branch pcre2_compile.c:6970:10
    #5 0x506cfe in compile_regex pcre2_compile.c:7619:8
    #6 0x501588 in pcre2_compile_8 pcre2_compile.c:8589:7
    #7 0x5e888d in regcomp pcre2posix.c:213:23
    #8 0x4e7c26 in LLVMFuzzerTestOneInput


Input:
0x28,0x2a,0x55,0x54,0x46,0x29,0x43,0x9,0x28,0x28,0x3f,0x3c,0x21,0x27,0x28,0x3f,0x78,0x29,0x21,0x2a,0x48,0x3f,0x20,0x23,0xcc,0x9a,0x5b,0x5e,0x24,0x5d,

Note: this is the target function using just regcomp().
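The following harness is an added example for triaging this report; it is not code from the bug report, the fuzzer bot, or the PCRE2 project. It turns the hex byte list above into the NUL-terminated pattern string that regcomp() expects and drives the same entry point shown in frame #7 of the trace, in the shape of the LLVMFuzzerTestOneInput function in frame #8. As written it compiles against the C library's own <regex.h>, so it only demonstrates the decode-and-drive step; reproducing the crash itself is assumed to require building with AddressSanitizer and linking against the pcre2posix library (pcre2posix.c in the trace) so that its regcomp is the one called.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The 30 bytes from the report's "Input:" line, copied verbatim. */
static const unsigned char kCrashInput[] = {
    0x28,0x2a,0x55,0x54,0x46,0x29,0x43,0x09,0x28,0x28,0x3f,0x3c,0x21,0x27,0x28,
    0x3f,0x78,0x29,0x21,0x2a,0x48,0x3f,0x20,0x23,0xcc,0x9a,0x5b,0x5e,0x24,0x5d,
};

/* Copy raw fuzzer bytes into a NUL-terminated pattern buffer.
 * regcomp() takes a C string, so the harness must add the terminator itself.
 * Returns the pattern length, or -1 when the input does not fit or carries an
 * embedded NUL (which regcomp would silently treat as the end of the pattern). */
int bytes_to_pattern(const unsigned char *data, size_t size,
                     char *out, size_t out_size) {
    if (size + 1 > out_size) return -1;
    if (memchr(data, '\0', size) != NULL) return -1;
    memcpy(out, data, size);
    out[size] = '\0';
    return (int)size;
}

/* Drive regcomp() on the decoded pattern, the same call site as frame #7.
 * Returns regcomp's status (0 on success), or -1 if decoding failed.
 * With the vulnerable PCRE2 built under AddressSanitizer, this is the call
 * where the heap-buffer-overflow in compile_branch would be reported. */
int compile_pattern(const unsigned char *data, size_t size,
                    char *errbuf, size_t errlen) {
    char pattern[256];
    if (bytes_to_pattern(data, size, pattern, sizeof pattern) < 0) return -1;

    regex_t re;
    int rc = regcomp(&re, pattern, REG_EXTENDED);
    if (rc != 0) {
        if (errbuf != NULL && errlen > 0) regerror(rc, &re, errbuf, errlen);
    } else {
        regfree(&re);   /* only a successful compile owns resources */
    }
    return rc;
}

/* libFuzzer entry point of the same shape as frame #8 in the trace. */
int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size) {
    compile_pattern(data, size, NULL, 0);
    return 0;
}

int main(void) {
    char err[128] = "";
    int rc = compile_pattern(kCrashInput, sizeof kCrashInput, err, sizeof err);
    if (rc == -1)
        printf("could not decode input into a pattern\n");
    else
        printf("regcomp returned %d%s%s\n", rc, rc ? ": " : "", rc ? err : "");
    return 0;
}
```

Decoded, the input is the pattern `(*UTF)C\t((?<!'(?x)!*H? #\xcc\x9a[^$]`; the two bytes 0xcc 0x9a are a valid UTF-8 sequence, which matters because the leading `(*UTF)` switches the compiler into UTF mode, and the unbalanced lookbehind and character class are what the recursive compile_branch/compile_regex frames in the trace are walking through.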
