[pcre-dev] [Bug 2075] New: A memory leak when deserializatio…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
admin at ->
Delete this message
Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2075] New: A memory leak when deserialization detects invalid pattern
https://bugs.exim.org/show_bug.cgi?id=2075 

            Bug ID: 2075
           Summary: A memory leak when deserialization detects invalid
                    pattern
           Product: PCRE
           Version: 10.23 (PCRE2)
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: ppisar@???
                CC: pcre-dev@???


Created attachment 1004
--> https://bugs.exim.org/attachment.cgi?id=1004&action=edit
Fix

pcre2_serialize_decode() function allocates dst_re, copies serialized pattern
there, and checks pattern consistency like this: 

  if (dst_re->magic_number != MAGIC_NUMBER ||
      dst_re->name_entry_size > MAX_NAME_SIZE + IMM2_SIZE + 1 ||
      dst_re->name_count > MAX_NAME_COUNT)
    return PCRE2_ERROR_BADSERIALIZEDDATA;


If an error is detected, it returns PCRE2_ERROR_BADSERIALIZEDDATA without
freeing the dst_re data structure.

Attached patch fixes it.

PCRE 10.23 and SVN tip is affected.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Pcre-dev
Mailing List Info | Nearby Messages		<-[pcre-dev] [Bug 2074] New: Files not closed on CMD_LOAD/CMD_SAVE errorRe: [pcre-dev] Re-factored pcre2_match() needs testing->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)