[pcre-dev] [Bug 2077] pcre2_serialize_decode() can read from…

Inizio della pagina
Questo messaggio è parte di questo thread:
Mil thread completo ordinato per data
Madmin at <-
 
Delete this message
Autore: admin
Data:  
To: pcre-dev
Oggetto: [pcre-dev] [Bug 2077] pcre2_serialize_decode() can read from invalid memory because it does not know bytes length
https://bugs.exim.org/show_bug.cgi?id=2077

Philip Hazel <ph10@???> changed: 

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED


--- Comment #1 from Philip Hazel <ph10@???> ---
The pcre2serialize man page does already say this: "The facility for saving and
restoring compiled patterns is intended for use within individual applications.
As such, the data supplied to pcre2_serialize_decode() is expected to be
trusted data, not data from arbitrary external sources. There is only some
simple consistency checking, not complete validation of what is being
re-loaded."

I have added some more words about this particular issue. Thanks for the
report.

--
You are receiving this mail because:
You are on the CC list for the bug.
Questo messaggio è stato inviato alle seguenti mailing lists:
Pcre-dev
Informazioni sulla Mailing List | Messaggi correlati		<-[pcre-dev] [Bug 2076] pcre2_callout_enumerate() checks re for NULL too late[pcre-dev] [Bug 2086] New: Bug in Regex match rule->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)