[pcre-dev] [Bug 1854] Null pointer dereference in pcretest

Author: admin
Date:
To: pcre-dev
Subject: [pcre-dev] [Bug 1854] Null pointer dereference in pcretest
https://bugs.exim.org/show_bug.cgi?id=1854

--- Comment #8 from bshastry@??? ---
Hi, I just found that the pcretest digit underflow problem persists in
pcre2test (10.21) as well. The proposed patch is applicable to this
version as well. The particular input (underflow in input parsing) leads to a
hang caused by a while(1)-like condition. I have attached a new test case.

The problem is the while loop on line 5463 of pcre2test.c:

> while (isdigit(*p)) i = i * 10 + *p++ - '0';


If `i` underflows, `needlen` inherits a large value due to:

> needlen += replen * i;


For this particular input, we end up in an infinite loop here:

> while (needlen >= dbuffer_size) dbuffer_size *= 2;


because `dbuffer_size` eventually gets doubled (right-shifted) to zero, and
from then on, the loop is equivalent to a while(1).

--
You are receiving this mail because:
You are on the CC list for the bug.
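The three statements quoted in the comment, modelled as a reduced, stand-alone C program. This is an added example and is not code from the bug report or from the PCRE2 project; it assumes (as the comment implies, and as is not confirmed here) that the count is accumulated in an `int i`, that `needlen` and `dbuffer_size` are `size_t`, and that `int` is 32-bit two's complement. The wraparound of `i` is reproduced with unsigned arithmetic and a cast instead of relying on undefined signed overflow, so the behaviour is deterministic. Beside each vulnerable step is a checked variant that rejects the input instead of wrapping, and a bounded driver shows that the growth loop never terminates once `dbuffer_size` has wrapped to zero.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Step 1 (as quoted): while (isdigit(*p)) i = i * 10 + *p++ - '0';
   Wraparound reproduced deterministically via unsigned arithmetic. */
static int parse_count_unsafe(const char **pp)
{
    const char *p = *pp;
    int i = 0;
    while (isdigit((unsigned char)*p))
        i = (int)((unsigned)i * 10u + (unsigned)(*p++ - '0'));
    *pp = p;
    return i;   /* e.g. "4294967295" -> -1 with a 32-bit int */
}

/* Checked variant: reject a digit string whose value does not fit in int. */
static int parse_count_checked(const char **pp, int *out)
{
    const char *p = *pp;
    int i = 0;
    if (!isdigit((unsigned char)*p)) return 0;          /* no digits at all */
    while (isdigit((unsigned char)*p)) {
        int d = *p - '0';
        if (i > (INT_MAX - d) / 10) return 0;           /* i*10+d would overflow */
        i = i * 10 + d;
        p++;
    }
    *pp = p;
    *out = i;
    return 1;
}

/* Step 2 (as quoted): needlen += replen * i;
   A negative i converted to size_t becomes an enormous value. */
static size_t needlen_unsafe(size_t needlen, size_t replen, int i)
{
    return needlen + replen * (size_t)i;
}

/* Checked variant: refuse negative counts and any multiply/add overflow. */
static int needlen_checked(size_t needlen, size_t replen, int i, size_t *out)
{
    size_t add;
    if (i < 0) return 0;
    if (replen != 0 && (size_t)i > SIZE_MAX / replen) return 0;
    add = replen * (size_t)i;
    if (needlen > SIZE_MAX - add) return 0;
    *out = needlen + add;
    return 1;
}

/* Step 3 (as quoted): while (needlen >= dbuffer_size) dbuffer_size *= 2;
   Returns the number of doublings, or -1 once max_steps is exhausted, which
   is what happens after dbuffer_size wraps to 0 (0 * 2 == 0 forever). */
static long grow_unsafe(size_t needlen, size_t dbuffer_size, long max_steps)
{
    long steps = 0;
    while (needlen >= dbuffer_size) {
        if (steps++ >= max_steps) return -1;
        dbuffer_size *= 2;
    }
    return steps;
}

/* Checked variant: fail instead of wrapping the buffer size. */
static int grow_checked(size_t needlen, size_t *dbuffer_size)
{
    while (needlen >= *dbuffer_size) {
        if (*dbuffer_size > SIZE_MAX / 2) return 0;     /* cannot double again */
        *dbuffer_size *= 2;
    }
    return 1;
}

/* Whole vulnerable pipeline on a constructed count string. */
static long reproduce_unsafe(const char *count, size_t replen, size_t bufsize, long max_steps)
{
    const char *p = count;
    int i = parse_count_unsafe(&p);
    return grow_unsafe(needlen_unsafe(0, replen, i), bufsize, max_steps);
}

/* Whole checked pipeline: returns the final buffer size, or 0 if rejected. */
static size_t reproduce_checked(const char *count, size_t replen, size_t bufsize)
{
    const char *p = count;
    int i;
    size_t needlen;
    if (!parse_count_checked(&p, &i)) return 0;
    if (!needlen_checked(0, replen, i, &needlen)) return 0;
    if (!grow_checked(needlen, &bufsize)) return 0;
    return bufsize;
}

int main(void)
{
    /* Constructed inputs: a benign count and one that wraps a 32-bit int. */
    printf("benign   unsafe doublings: %ld\n", reproduce_unsafe("50", 100, 1024, 200));
    printf("wrapping unsafe doublings: %ld (-1 = would spin forever)\n",
           reproduce_unsafe("4294967295", 1, 1024, 200));
    printf("benign   checked size: %zu\n", reproduce_checked("50", 100, 1024));
    printf("wrapping checked size: %zu (0 = rejected)\n", reproduce_checked("4294967295", 1, 1024));
    return 0;
}
```

The bound in `grow_unsafe` exists only so the demonstration terminates; the real loop has no such bound, which is exactly the hang the comment describes. The checked parser stops at the digit that would overflow, so a fix of this shape also needs to decide how the caller reports the rejected count.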