[pcre-dev] [Bug 2077] pcre2_serialize_decode() can read from…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2077] pcre2_serialize_decode() can read from invalid memory because it does not know bytes length
https://bugs.exim.org/show_bug.cgi?id=2077

Philip Hazel <ph10@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED


--- Comment #1 from Philip Hazel <ph10@???> ---
The pcre2serialize man page does already say this: "The facility for saving and
restoring compiled patterns is intended for use within individual applications.
As such, the data supplied to pcre2_serialize_decode() is expected to be
trusted data, not data from arbitrary external sources. There is only some
simple consistency checking, not complete validation of what is being
re-loaded."

I have added some more words about this particular issue. Thanks for the
report.

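An added example, not part of the original message and not PCRE2 code: because pcre2_serialize_decode() takes no byte length, the application has to confirm the buffer is complete before passing it in. The envelope layout, `env_wrap`, `env_unwrap` and `ENV_MAGIC` are hypothetical names for an application-side wrapper; the check catches truncated or corrupted files written by the same application and does not make untrusted data safe to decode.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical application-side envelope, not a PCRE2 format:
   magic | payload length | FNV-1a checksum | payload bytes.
   Fields are stored in native byte order, for use by one application
   on one machine. FNV-1a is a checksum, not a MAC. */
#define ENV_MAGIC 0x50433245u   /* constructed value */
#define ENV_HDR   16u           /* 4 magic + 8 length + 4 checksum */

static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Wrap the bytes produced by pcre2_serialize_encode(). Returns the
   envelope size, or 0 if out is too small. */
size_t env_wrap(const uint8_t *payload, size_t n, uint8_t *out, size_t cap) {
    uint32_t magic = ENV_MAGIC, sum;
    uint64_t len = n;
    if (cap < ENV_HDR || cap - ENV_HDR < n) return 0;
    sum = fnv1a(payload, n);
    memcpy(out, &magic, 4);
    memcpy(out + 4, &len, 8);
    memcpy(out + 12, &sum, 4);
    memcpy(out + ENV_HDR, payload, n);
    return ENV_HDR + n;
}

/* Return the payload only if every one of the buf_len bytes read from
   storage is accounted for. Only a non-NULL result should be handed
   to pcre2_serialize_decode(). */
const uint8_t *env_unwrap(const uint8_t *buf, size_t buf_len, size_t *n) {
    uint32_t magic, sum;
    uint64_t len;
    if (buf == NULL || buf_len < ENV_HDR) return NULL;
    memcpy(&magic, buf, 4);
    memcpy(&len, buf + 4, 8);
    memcpy(&sum, buf + 12, 4);
    if (magic != ENV_MAGIC) return NULL;
    if (len != (uint64_t)(buf_len - ENV_HDR)) return NULL; /* truncated or padded */
    if (fnv1a(buf + ENV_HDR, (size_t)len) != sum) return NULL; /* corrupted */
    *n = (size_t)len;
    return buf + ENV_HDR;
}
```

Where the stored bytes can be modified by anyone other than the application itself, replace the checksum with a keyed MAC from a cryptographic library, or recompile the patterns instead of reloading them.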