https://bugs.exim.org/show_bug.cgi?id=1743
Bug ID: 1743
Summary: Invalid memory accesses in pcretest.c
Product: PCRE
Version: 8.38
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: thomas.lindroth@???
CC: pcre-dev@???
Fuzzing pcre-1 (8.39-RC1 svn r1617) with afl has turned up some invalid memory
accesses in pcretest.c
pattern: /()()()/P
data: \O11000000000
valgrind pcretest
==31320== Memcheck, a memory error detector
==31320== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==31320== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==31320== Command: pcretest
==31320==
PCRE version 8.39-RC1 2015-11-23
re> /()()()/P
data> \O11000000000
==31320== Invalid read of size 4
==31320== at 0x403848: main (pcretest.c:5075)
==31320== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==31320==
==31320==
==31320== Process terminating with default action of signal 11 (SIGSEGV)
==31320== Access not within mapped region at address 0x0
==31320== at 0x403848: main (pcretest.c:5075)
==31320== If you believe this happened as a result of a stack
==31320== overflow in your program's main thread (unlikely but
==31320== possible), you can try to increase the size of the
==31320== main thread stack using the --main-stacksize= flag.
==31320== The main thread stack size used in this run was 8388608.
==31320==
==31320== HEAP SUMMARY:
==31320== in use at exit: 133,043 bytes in 5 blocks
==31320== total heap usage: 5 allocs, 0 frees, 133,043 bytes allocated
==31320==
==31320== LEAK SUMMARY:
==31320== definitely lost: 32,768 bytes in 1 blocks
==31320== indirectly lost: 0 bytes in 0 blocks
==31320== possibly lost: 0 bytes in 0 blocks
==31320== still reachable: 100,275 bytes in 4 blocks
==31320== suppressed: 0 bytes in 0 blocks
==31320== Rerun with --leak-check=full to see details of leaked memory
==31320==
==31320== For counts of detected and suppressed errors, rerun with: -v
==31320== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault
pcretest -C
PCRE version 8.39-RC1 2015-11-23
Compiled with
8-bit support
No UTF-8 support
No Unicode properties support
No just-in-time compiler support
Newline sequence is LF
\R matches all Unicode newlines
Internal link size = 2
POSIX malloc threshold = 10
Parentheses nest limit = 250
Default match limit = 10000000
Default recursion depth limit = 10000000
Match recursion uses stack
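The trace above reports a 4-byte read at address 0x0 inside main() on the POSIX (`P` modifier) path, after `\O` asked for 11000000000 output slots. The page does not state the root cause, so the following is an added example, not pcretest's or PCRE's code: it models the same step (a POSIX regexec() whose match vector is sized from an untrusted decimal count) with the checks a hardened version needs, namely parsing the count with overflow detection, capping it, guarding the size multiply, and testing the allocation result before the first `pmatch[0].rm_so` read. The cap `MAX_NMATCH`, the helper names and the sample pattern and subject are assumptions chosen for the example; whether an unchecked allocation is what actually fails in pcretest.c is likewise an assumption, not a claim about the bug.

```c
/* Added example, not pcretest's or PCRE's code: the POSIX-API match path
 * with the number of match slots taken from an untrusted decimal string,
 * the way pcretest's \O escape supplies it.  The checks are generic
 * hardening of the "allocate N slots" step, not the actual upstream fix. */
#include <errno.h>
#include <regex.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Upper bound for the number of match slots a caller may request.
 * Assumed value for this example; size it for the real use case. */
#define MAX_NMATCH 10000

/* Parse a decimal count such as "11000000000" into a size_t.
 * Returns 0 on success, -1 on junk, overflow, zero, or a value above
 * MAX_NMATCH (so 11000000000 is rejected before any allocation). */
int parse_nmatch(const char *s, size_t *out)
{
    char *end;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE) return -1;
    if (v == 0 || v > MAX_NMATCH) return -1;
    *out = (size_t)v;
    return 0;
}

/* Run an extended regex with a caller-chosen number of match slots and
 * report the offsets of the whole match (pmatch[0]).
 * Returns 0 on match, REG_NOMATCH on no match, -1 on a bad count or
 * allocation failure, otherwise the regcomp()/regexec() error code. */
int posix_match(const char *pattern, const char *subject,
                const char *nmatch_str, regoff_t *so, regoff_t *eo)
{
    size_t nmatch;
    if (parse_nmatch(nmatch_str, &nmatch) != 0) return -1;

    /* Guard the multiply, then check the allocation: reading
     * pmatch[0].rm_so through an unchecked NULL here is a 4-byte
     * read at address 0x0, the shape the valgrind trace shows. */
    if (nmatch > SIZE_MAX / sizeof(regmatch_t)) return -1;
    regmatch_t *pmatch = malloc(nmatch * sizeof(regmatch_t));
    if (pmatch == NULL) return -1;

    regex_t re;
    int rc = regcomp(&re, pattern, REG_EXTENDED);
    if (rc != 0) { free(pmatch); return rc; }

    rc = regexec(&re, subject, nmatch, pmatch, 0);
    if (rc == 0) { *so = pmatch[0].rm_so; *eo = pmatch[0].rm_eo; }

    regfree(&re);
    free(pmatch);
    return rc;
}

/* Stand-alone run with the reporter's \O value: the count is rejected
 * instead of being handed to malloc(). */
int main(void)
{
    regoff_t so = -1, eo = -1;
    int rc = posix_match("(a)(b*)(c)", "xabbcx", "11000000000", &so, &eo);
    printf("huge count: rc=%d (expected -1, rejected)\n", rc);
    rc = posix_match("(a)(b*)(c)", "xabbcx", "4", &so, &eo);
    printf("count 4: rc=%d match at [%d,%d)\n", rc, (int)so, (int)eo);
    return 0;
}
```

The rejected count is the cheap part; the check that matters for the crash class in the trace is the `pmatch == NULL` test, which has to come before any `pmatch[i]` access regardless of how the count was validated, because malloc() can fail for a legal count too.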