https://bugs.exim.org/show_bug.cgi?id=2044
Petr Pisar <ppisar@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ppisar@???
--- Comment #2 from Petr Pisar <ppisar@???> ---
It's binary rubbish: the output of a fuzzer that applies random changes to some
reasonable input. You can use "hexdump -C" or vim for inspection. I managed to
reduce it to:
$ printf '%s\n%s\n' '//P' '\O7777777777777' | ./pcretest
The key point is the POSIX interface and a long enough octal representation of a
code point as a subject. \O7777777777777 segfaults; the one-digit-shorter
\O777777777777 reports:
$ printf '%s\n%s\n' '//P' '\O777777777777' | ./pcretest
PCRE version 8.41-RC1 2017-02-01
re> data> No match: POSIX code 14: failed to get memory
data>
It crashes here:
0x000000000040b61c in main (argc=2, argv=0x7fffffffe2d8) at pcretest.c:5083
5083 if (pmatch[i].rm_so >= 0)
Code:
5078          else
5079            {
5080            size_t i;
5081            for (i = 0; i < (size_t)use_size_offsets; i++)
5082              {
5083              if (pmatch[i].rm_so >= 0)
5084                {
5085                fprintf(outfile, "%2d: ", (int)i);
5086                PCHARSV(dbuffer, pmatch[i].rm_so,
5087                  pmatch[i].rm_eo - pmatch[i].rm_so, outfile);
Variables:
pmatch = 0x0
i = 0
use_size_offsets = -407995279 (cast to size_t = 18446744073301556337)
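An added example (not pcretest's code and not part of the comment above) that models the reported failure: a digit string wrapping into a negative 32-bit count, the cast to size_t that produces the huge loop bound, and the checks that would stop the NULL dereference. The function names and the limit of 1000 are hypothetical; base-10 accumulation into a 32-bit int is an assumption, chosen because it reproduces the use_size_offsets value shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked parse: accumulates digits modulo 2^32, then reinterprets as signed.
   (Assumption: base 10, 32-bit int, as a model of the reported value.) */
int32_t wrap_count(const char *digits) {
    uint32_t u = 0;
    int32_t s;
    for (; *digits >= '0' && *digits <= '9'; digits++)
        u = u * 10u + (uint32_t)(*digits - '0');
    memcpy(&s, &u, sizeof s);
    return s;
}

/* Hardened parse: reject anything above max before it can wrap. */
int checked_count(const char *digits, int max, int *out) {
    long long n = 0;
    if (*digits < '0' || *digits > '9') return -1;
    for (; *digits >= '0' && *digits <= '9'; digits++) {
        n = n * 10 + (*digits - '0');
        if (n > max) return -1;
    }
    *out = (int)n;
    return 0;
}

/* Loop bound as the crashing code computes it: a signed count cast to size_t. */
size_t loop_bound(int32_t count) { return (size_t)count; }

/* Hardened bound: no iterations if the buffer is missing or count is not positive. */
size_t safe_bound(const void *pmatch, int32_t count) {
    return (pmatch == NULL || count <= 0) ? 0 : (size_t)count;
}

int main(void) {
    const char *subject = "7777777777777";   /* digits from the reduced test case */
    int32_t c = wrap_count(subject);
    int n;
    printf("wrapped count   = %d\n", (int)c);
    printf("unchecked bound = %zu\n", loop_bound(c));
    printf("safe bound      = %zu (pmatch == NULL)\n", safe_bound(NULL, c));
    printf("checked parse   = %s\n",
           checked_count(subject, 1000, &n) ? "rejected" : "accepted");
    return 0;
}
```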