[pcre-dev] [Bug 1889] PCRE2 Heap Overflow Vulnerability

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1889] PCRE2 Heap Overflow Vulnerability
https://bugs.exim.org/show_bug.cgi?id=1889

Petr Pisar <ppisar@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ppisar@???


--- Comment #1 from Petr Pisar <ppisar@???> ---
That's because the regexp is not in UTF-8 and you disabled the UTF-8 validation
explicitly:

# hexdump -C bufover_1_min 
00000000  2f d4 83 a4 9c a4 9c b0  3f 2f 6e 6f 5f 75 74 66  |/.......?/no_utf|
00000010  5f 63 68 65 63 6b 2c 75  74 66                    |_check,utf|
0000001a
# LC_ALL=C  iconv -f utf-8 -t utf-8 < bufover_1_min 
/ԃiconv: illegal input sequence at position 3


Then the library can crash because it makes assumptions about valid UTF-8 byte
strings.

--
You are receiving this mail because:
You are on the CC list for the bug.
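
The failure mode described in the comment above, seen from the caller's side. This is an added example, not part of the original message and not PCRE2 code: a strict UTF-8 validator that an application could run on untrusted patterns and subjects before it disables the library's own check (the `no_utf_check` modifier in the test file, `PCRE2_NO_UTF_CHECK` in the API). The function names are hypothetical; the pattern bytes are copied from the hexdump.

```c
#include <stddef.h>
#include <stdio.h>

/* Returns the offset of the first byte that does not start a well-formed
 * UTF-8 sequence (RFC 3629), or -1 if the whole buffer is valid. */
long utf8_first_invalid(const unsigned char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i];
        size_t need;            /* continuation bytes expected */
        unsigned long cp, min;  /* code point, smallest value for this length */

        if (c < 0x80) { i++; continue; }
        else if (c >= 0xC2 && c <= 0xDF) { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0)     { need = 2; cp = c & 0x0F; min = 0x800; }
        else if (c >= 0xF0 && c <= 0xF4) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return (long)i;    /* stray continuation, C0/C1, or F5..FF */

        if (n - i - 1 < need) return (long)i;   /* truncated sequence */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return (long)i;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return (long)i;     /* overlong, out of range, or surrogate */
        i += need + 1;
    }
    return -1;
}

/* Pattern bytes from the hexdump (the bytes between the two '/'). */
static const unsigned char reported_pattern[] =
    { 0xd4, 0x83, 0xa4, 0x9c, 0xa4, 0x9c, 0xb0, 0x3f };

/* Hypothetical gate: skip the library's UTF check only when this returns 1. */
int safe_to_skip_utf_check(const unsigned char *s, size_t n)
{
    return utf8_first_invalid(s, n) == -1;
}

int main(void)
{
    long off = utf8_first_invalid(reported_pattern, sizeof reported_pattern);
    printf("first invalid byte at pattern offset %ld\n", off);
    return 0;
}
```

Pattern offset 2 is file offset 3 once the leading `/` is counted, the same position iconv reports.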