[pcre-dev] [Bug 1854] Null pointer dereference in pcretest

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1854] Null pointer dereference in pcretest
https://bugs.exim.org/show_bug.cgi?id=1854

--- Comment #8 from bshastry@??? ---
Hi, I just found that the pcretest digit underflow problem persists in
pcre2test (10.21) as well. The proposed patch is applicable here for this
version as well. The particular input (underflow in input parsing) leads to a
hang caused by a while(1)-like condition. I have attached a new test case.

The problem is the while loop on line 5463 of pcre2test.c:

> while (isdigit(*p)) i = i * 10 + *p++ - '0';

If `i` underflows, `needlen` inherits a large value due to:

> needlen += replen * i;

For this particular input, we end up in an infinite loop here:

> while (needlen >= dbuffer_size) dbuffer_size *= 2;

because `dbuffer_size` eventually gets doubled (right-shifted) to zero, and
from then on, the loop is equivalent to a while(1).

--
You are receiving this mail because:
You are on the CC list for the bug.
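The three quoted lines form one chain: an unchecked decimal parse wraps the repeat count, the wrapped count inflates the required length, and the doubling loop then wraps the buffer size to zero and never terminates. The following is an added, self-contained C example (not code from pcre2test or from the comment author) showing each step with an overflow check that fails cleanly instead of wrapping, plus a capped reproduction of the unchecked doubling loop so the non-termination is visible. The variable types (`int` for the parsed count, `size_t` for `needlen` and the buffer size) and the function names are assumptions for the example, not taken from pcre2test.

```c
#include <ctype.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Checked version of the quoted digit loop. Returns the parsed count, or -1
   if there are no digits or the value would not fit in an int. */
long parse_count_checked(const char *p)
{
    int i = 0;
    if (!isdigit((unsigned char)*p)) return -1;
    while (isdigit((unsigned char)*p)) {
        int d = *p++ - '0';
        /* i * 10 + d must stay <= INT_MAX; this test avoids the overflow
           itself, which would be undefined behaviour for a signed int. */
        if (i > (INT_MAX - d) / 10) return -1;
        i = i * 10 + d;
    }
    return i;
}

/* Checked version of "needlen += replen * count". Writes the new length to
   *needlen and returns true, or returns false if either the product or the
   sum would wrap a size_t. */
bool add_mul_checked(size_t *needlen, size_t replen, size_t count)
{
    if (count != 0 && replen > SIZE_MAX / count) return false;
    size_t prod = replen * count;
    if (*needlen > SIZE_MAX - prod) return false;
    *needlen += prod;
    return true;
}

/* Checked version of "while (needlen >= size) size *= 2". Returns the grown
   size, or 0 if doubling would wrap (0 is never a valid result). */
size_t grow_to_fit(size_t size, size_t needlen)
{
    if (size == 0) size = 1;            /* a zero start would never grow */
    while (needlen >= size) {
        if (size > SIZE_MAX / 2) return 0;  /* next doubling would wrap */
        size *= 2;
    }
    return size;
}

/* The unchecked doubling loop, with an iteration cap so the demo terminates.
   Once size wraps to 0, "needlen >= 0" is always true and the loop spins
   until the cap is hit: a returned count equal to cap means "would hang". */
int unchecked_doubling_iterations(size_t size, size_t needlen, int cap)
{
    int n = 0;
    while (needlen >= size && n < cap) { size *= 2; n++; }
    return n;
}

int main(void)
{
    /* Constructed inputs: a sane count and one that no longer fits an int. */
    printf("parse \"123\"       -> %ld\n", parse_count_checked("123"));
    printf("parse 20 digits     -> %ld\n", parse_count_checked("99999999999999999999"));

    size_t needlen = 10;
    printf("add_mul 10+3*4      -> %s, needlen=%zu\n",
           add_mul_checked(&needlen, 3, 4) ? "ok" : "overflow", needlen);

    printf("grow 64 to fit 1000 -> %zu\n", grow_to_fit(64, 1000));
    printf("grow 64 to fit MAX  -> %zu (0 = refused)\n", grow_to_fit(64, SIZE_MAX));
    printf("unchecked loop, huge needlen: %d of %d iterations (hang)\n",
           unchecked_doubling_iterations(64, SIZE_MAX, 1000), 1000);
    return 0;
}
```

The check in `parse_count_checked` is the one a reviewer would ask for on the quoted digit loop: rejecting the input is enough, since a repeat count that does not fit an `int` is never a meaningful test directive. The `grow_to_fit` guard is the independent fix for the third line; either check alone breaks the chain, but only the size-growth guard also protects against other callers handing in an already inflated `needlen`.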