https://bugs.exim.org/show_bug.cgi?id=2091
Bug ID: 2091
Summary: Conditional jump or move depends on uninitialised
value at pcretest.c:5364 in UTF-32 mode
Product: PCRE
Version: 8.40
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: ppisar@???
CC: pcre-dev@???
When processing the following input with pcretest in UTF-32 mode:
/.*/
\C0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
(the subject must have this specific length), valgrind reports a conditional
jump on an undefined value at pcretest.c:5364:
#ifdef SUPPORT_PCRE32
    if (pcre_mode == PCRE32_MODE)
      {
      if (*(pcre_uint32 *)cnptr == 0) break;   /* pcretest.c:5364 */
      }
#endif
This happens with pcre-8.40 as well as with the latest PCRE1 SVN tip.
$ libtool --mode=execute valgrind ./pcretest -32
==6873== Memcheck, a memory error detector
==6873== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==6873== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==6873== Command: /home/petr/pcre/svn-git/.libs/lt-pcretest -32
==6873==
PCRE version 8.41-RC1 2017-02-01
re> /.*/
data> \C0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
0: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
0C aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (66)
copy substring aa failed -7
==6873== Conditional jump or move depends on uninitialised value(s)
==6873== at 0x4061C0: main (pcretest.c:5364)
==6873==
If I build pcre with some hardening options (-Wp,-D_FORTIFY_SOURCE=2
-fstack-protector-strong) as listed in
<https://kojipkgs.fedoraproject.org//packages/pcre/8.40/6.fc27/data/logs/x86_64/build.log>,
I also obtain a "stack smashing detected" exception pointing to
pcretest.c:5770.
I'm not sure if this is a bug in the library or in pcretest. Probably the
second one. The reproducer is a reduced version of data from
<https://bugs.exim.org/show_bug.cgi?id=2055>.