[pcre-dev] [Bug 1779] New: Segfault in preg_match PHP 7.0.2 …

Startseite
Nachricht löschen
Autor: admin
Datum:  
To: pcre-dev
Betreff: [pcre-dev] [Bug 1779] New: Segfault in preg_match PHP 7.0.2 (stack corruption)
https://bugs.exim.org/show_bug.cgi?id=1779

            Bug ID: 1779
           Summary: Segfault in preg_match PHP 7.0.2 (stack corruption)
           Product: PCRE
           Version: 8.37
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: security
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: cyoung@???
                CC: pcre-dev@???


This pattern seems to be causing stack corruption when testing with php 7.0.2
preg_match() which uses PCRE 8.37: /(?(199999999999999999)(()())())/
$ gdb php
[...]
(gdb) r -r
'preg_match("/(?(199999999999999999)(()())())/","abcdef",$match,PREG_OFFSET_CAPTURE);'
Starting program: /home/spotless/php-tip/php-src-php-7.0.2/sapi/cli/php -r
'preg_match("/(?(199999999999999999)(()())())/","abcdef",$match,PREG_OFFSET_CAPTURE);'

Program received signal SIGBUS, Bus error.
0x00007ffff7f66086 in ?? ()
(gdb) exploitable
/usr/share/gdb/python/gdb/command/exploitable_lib/exploitable.py:99:
UserWarning: GDB v7.10 may not support required Python API
warnings.warn("GDB v{} may not support required Python
API".format(gdb_ver()))
Description: Possible stack corruption
Short description: PossibleStackCorruption (7/22)
Hash: 0c1178206c70e25a83bda38cae6b2cc0.0c1178206c70e25a83bda38cae6b2cc0
Exploitability Classification: EXPLOITABLE
Explanation: GDB generated an error while unwinding the stack and/or the stack
contained return addresses that were not mapped in the inferior's process
address space and/or the stack pointer is pointing to a location outside the
default stack region. These conditions likely indicate stack corruption, which
is generally considered exploitable.
Other tags: AccessViolation (21/22)
(gdb) bt
#0 0x00007ffff7f66086 in ?? ()
#1 0x0000000000000000 in ?? ()

--
You are receiving this mail because:
You are on the CC list for the bug.