[pcre-dev] [Bug 2047] infinite loop in pcre_exec.c

Startseite
Nachricht löschen
Autor: admin
Datum:  
To: pcre-dev
Betreff: [pcre-dev] [Bug 2047] infinite loop in pcre_exec.c
https://bugs.exim.org/show_bug.cgi?id=2047

--- Comment #5 from Philip Hazel <ph10@???> ---
It is very easy to write patterns that have extremely large search trees, and
these can consume a lot of time and/or stack in the current implementation of
pcre2_match(). There are options (*LIMIT_MATCH) and (*LIMIT_RECURSION) that can
be used to limit the amount of stack that is used. The limits can also be set
from pcretest and from programs that call the library directly. This is all
well documented. Fuzzers should always set these limits much lower than the
defaults. See, for example, the file src/pcre2_fuzzsupport.c in PCRE2.

Also, as I have said several times recently on the list, there will soon be a
new implementation of pcre2_match() that uses heap storage rather than the
stack. The same limits are available to control the amount of resource used.
This should avoid stack overflows, but there will always be patterns that will
take a lot of resources if you don't limit them.

--
You are receiving this mail because:
You are on the CC list for the bug.