[pcre-dev] [Bug 2056] stack-based buffer overflow in read_c…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2056] stack-based buffer overflow in read_capture_name32 (pcretest.c)
https://bugs.exim.org/show_bug.cgi?id=2056

Philip Hazel <ph10@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX


--- Comment #1 from Philip Hazel <ph10@???> ---
This is another unimportant bit of hacky code in pcretest that does not expect
group names to be longer than 1024 characters. The comment in the code says
"Assume that 1024 is plenty long enough for the few names we'll be testing."
It was never envisaged that fuzzers would be hammering pcretest with random
junk.

However, I was wiser when I implemented pcre2test, which does diagnose overlong
names. This is not worth fixing.

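
An added example (not code from pcretest, pcre2test, or the message above) of the kind of check the comment describes: a name reader that diagnoses an overlong name instead of writing past a fixed 1024-unit stack buffer. The function names, status codes, and the name-character rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define GROUP_NAME_UNITS 1024  /* buffer size quoted in the comment above */

enum name_status { NAME_OK = 0, NAME_EMPTY = -1, NAME_TOO_LONG = -2 };

/* Assumed rule for this example: names are ASCII letters, digits, underscore. */
static int is_name_char(uint32_t c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_';
}

/* Hypothetical helper: copy a name of 32-bit code units into dst, which holds
   dst_units units including the terminator. An unchecked loop here is what
   turns an overlong name into a stack overflow; this one reports it instead. */
int read_name_checked(const uint32_t *src, size_t src_len,
                      uint32_t *dst, size_t dst_units)
{
    size_t n = 0;
    if (dst_units == 0) return NAME_TOO_LONG;
    while (n < src_len && is_name_char(src[n])) {
        if (n + 1 >= dst_units) {      /* no room left for the terminator */
            dst[0] = 0;
            return NAME_TOO_LONG;
        }
        dst[n] = src[n];
        n++;
    }
    dst[n] = 0;
    return n == 0 ? NAME_EMPTY : NAME_OK;
}

/* Constructed input: a name made of len copies of 'a', read into a stack buffer. */
int status_for_name_length(size_t len)
{
    static uint32_t input[8192];
    uint32_t name[GROUP_NAME_UNITS];
    if (len > 8192) len = 8192;
    for (size_t i = 0; i < len; i++) input[i] = 'a';
    return read_name_checked(input, len, name, GROUP_NAME_UNITS);
}

int main(void)
{
    printf("1023 units: %d\n", status_for_name_length(1023));
    return 0;
}
```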