[pcre-dev] [Bug 1991] PCRE2 10.23-RC1 - Stack overflow in in…

Top Page

Reply to this message
Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 1991] PCRE2 10.23-RC1 - Stack overflow in internal_dfa_match()
https://bugs.exim.org/show_bug.cgi?id=1991

Philip Hazel <ph10@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID


--- Comment #1 from Philip Hazel <ph10@???> ---
This is caused by a complicated regex with many nested parentheses. Compiling
such a pattern uses a lot of stack (especially when ASAN is enabled; this
increases stack usage). On my Linux box, compiling runs out of stack with a 1Mb
stack. With a larger stack, a different pattern runs out of stack while
matching (again, much more stack is needed for ASAN). There is no problem with
ASAN on my system if the stack is 4Mb or above. (And as I keep grumbling, why
do people run with such small stacks in these days of gigabyte memories?)

PCRE2 does not of itself guard against stack overflows. There are facilities in
PCRE2 for limiting the depth of parentheses in order to prevent stack overrun
when compiling. See the pcre2_set_parens_nest_limit() function. There are
facilities for limiting stack usage in pcre2_match(), but not at present in
pcre2_dfa_match(), which is where your matching stack overrun happens (though
not unless ASAN is in use).

I will think about adding some limiting features for pcre2_dfa_match().
Meanwhile, this specific issue is not a valid bug.

--
You are receiving this mail because:
You are on the CC list for the bug.