[pcre-dev] [Bug 1889] PCRE2 Heap Overflow Vulnerability

Page principale
Ce message fait partie du fil suivant :
M+\Arborescence complète du fil triée par date
MMMadmin à <-
admin à ->
Supprimer ce message
Auteur: admin
Date:  
À: pcre-dev
Sujet: [pcre-dev] [Bug 1889] PCRE2 Heap Overflow Vulnerability
https://bugs.exim.org/show_bug.cgi?id=1889

Petr Pisar <ppisar@???> changed: 

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ppisar@???


--- Comment #1 from Petr Pisar <ppisar@???> ---
That because the regexp is not in UTF-8 and you disabled the UTF-8 validation
explicitly: 

# hexdump -C bufover_1_min 
00000000  2f d4 83 a4 9c a4 9c b0  3f 2f 6e 6f 5f 75 74 66  |/.......?/no_utf|
00000010  5f 63 68 65 63 6b 2c 75  74 66                    |_check,utf|
0000001a
# LC_ALL=C  iconv -f utf-8 -t utf-8 < bufover_1_min 
/ԃiconv: illegal input sequence at position 3


Then the library can crash because it takes assumptions about valid UTF-8 byte
strings.

--
You are receiving this mail because:
You are on the CC list for the bug.
Ce message a été envoyé sur les listes de diffusion suivantes :
Pcre-dev
Informations sur la liste de diffusion | Messages voisins		<-[pcre-dev] [Bug 1889] New: PCRE2 Heap Overflow Vulnerability[pcre-dev] [Bug 1889] PCRE2 Heap Overflow Vulnerability->
Tahini and Hummus and Cumin Development Archives administré par cumin AdminsLurker (version 2.3)