[pcre-dev] [Bug 2044] null pointer dereference in main (pcre…

Αρχική Σελίδα
Delete this message
Συντάκτης: admin
Ημερομηνία:  
Προς: pcre-dev
Αντικείμενο: [pcre-dev] [Bug 2044] null pointer dereference in main (pcretest.c)
https://bugs.exim.org/show_bug.cgi?id=2044

Petr Pisar <ppisar@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ppisar@???


--- Comment #2 from Petr Pisar <ppisar@???> ---
It's binary rubbish. An output of fuzzer that applies random changes to some
reasonable input. You can use "hexdump -C" or vim for inspection. I managed to
reduce it to:

$ printf '%s\n%s\n' '//P' '\O7777777777777' | ./pcretest

The key point is POSIX interface and long enough octal representation of a code
point as a subject. \O7777777777777 segfaults, a one digit shorter
\O777777777777 reports:

$ printf '%s\n%s\n' '//P' '\O777777777777' | ./pcretest
PCRE version 8.41-RC1 2017-02-01

re> data> No match: POSIX code 14: failed to get memory
data>


It crashes here:

0x000000000040b61c in main (argc=2, argv=0x7fffffffe2d8) at pcretest.c:5083
5083              if (pmatch[i].rm_so >= 0)


Code:

5078          else
5079            {
5080            size_t i;
5081            for (i = 0; i < (size_t)use_size_offsets; i++)
5082              {
5083 →            if (pmatch[i].rm_so >= 0)
5084                {
5085                fprintf(outfile, "%2d: ", (int)i);
5086                PCHARSV(dbuffer, pmatch[i].rm_so,
5087                  pmatch[i].rm_eo - pmatch[i].rm_so, outfile);



Variables:

pmatch = 0x0
i = 0
use_size_offsets = -407995279 (casted to size_t = 18446744073301556337)

--
You are receiving this mail because:
You are on the CC list for the bug.