[pcre-dev] [Bug 2077] pcre2_serialize_decode() can read from…

Pàgina inicial
Aquest missatge és part del següent fil:
Ml'arbre de fils complet ordenat per data
Madmin en <-
 
Delete this message
Autor: admin
Data:  
A: pcre-dev
Assumpte: [pcre-dev] [Bug 2077] pcre2_serialize_decode() can read from invalid memory because it does not know bytes length
https://bugs.exim.org/show_bug.cgi?id=2077

Philip Hazel <ph10@???> changed: 

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED


--- Comment #1 from Philip Hazel <ph10@???> ---
The pcre2serialize man page does already say this: "The facility for saving and
restoring compiled patterns is intended for use within individual applications.
As such, the data supplied to pcre2_serialize_decode() is expected to be
trusted data, not data from arbitrary external sources. There is only some
simple consistency checking, not complete validation of what is being
re-loaded."

I have added some more words about this particular issue. Thanks for the
report.

--
You are receiving this mail because:
You are on the CC list for the bug.
Aquest missatge es va enviar a les següents llistes de correu:
Pcre-dev
Informació sobre la llista de correu | Missatges propers		<-[pcre-dev] [Bug 2076] pcre2_callout_enumerate() checks re for NULL too late[pcre-dev] [Bug 2086] New: Bug in Regex match rule->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)