Author: Giuseppe D'Angelo Date: To: pcre-dev Subject: [pcre-dev] Fuzzing, stack overflows, pcretest & similar reports
Howdy,
PCRE seems to be getting a good amount of bug reports around the same
kind of issues, which are known and documented. For instance:
* Stack overflows when configuring PCRE not to use the heap for
allocating memory
* Passing invalid Unicode data to pcre_exec, and disabling the Unicode checks
* Fuzzing (aka dumping garbage into) pcretest, which is just an
internal testing tool, not part of the API. Although it should never
crash, making it misbehave is not as dramatic as it sounds. The "real"
thing to test is the API.
(The list can probably go on.)
I was wondering if this can be turned in some sort of FAQ to be linked
from the bug submission page, so that people know that such behaviours
are known and do not constitute bugs.
The purpose of all of this: spare the developers precious development
time wasted at marking all of these bugs as invalid, or to make
pcretest super-strong when (IMHO) there isn't the need.