[pcre-dev] [Bug 2091] New: Conditional jump or move depends …

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2091] New: Conditional jump or move depends on uninitialised value at pcretest.c:5364 in UTF-32 mode
https://bugs.exim.org/show_bug.cgi?id=2091

            Bug ID: 2091
           Summary: Conditional jump or move depends on uninitialised
                    value at pcretest.c:5364 in UTF-32 mode
           Product: PCRE
           Version: 8.40
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: ppisar@???
                CC: pcre-dev@???


When processing the following input with pcretest in UTF-32 mode:

/.*/
\C0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

(the subject must have this specific length), valgrind reports a conditional
jump on an undefined value at pcretest.c:5364:

#ifdef SUPPORT_PCRE32
          if (pcre_mode == PCRE32_MODE)
            {
→           if (*(pcre_uint32 *)cnptr == 0) break;
            }
#endif
This happens with pcre-8.40 as well as latest PCRE1 SVN tip.

$ libtool --mode=execute valgrind ./pcretest -32
==6873== Memcheck, a memory error detector
==6873== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==6873== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==6873== Command: /home/petr/pcre/svn-git/.libs/lt-pcretest -32
==6873==
PCRE version 8.41-RC1 2017-02-01

re> /.*/
data> \C0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

 0: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 0C aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (66)
copy substring aa failed -7
==6873== Conditional jump or move depends on uninitialised value(s)
==6873==    at 0x4061C0: main (pcretest.c:5364)
==6873== 


If I build pcre with some hardening options (-Wp,-D_FORTIFY_SOURCE=2
-fstack-protector-strong) as listed in
<https://kojipkgs.fedoraproject.org//packages/pcre/8.40/6.fc27/data/logs/x86_64/build.log>,
I also obtain a "stack smashing detected" exception pointing to
pcretest.c:5770.

I'm not sure if this is a bug in the library or in pcretest. Probably the
second one. The reproducer is a reduced version of data from
<https://bugs.exim.org/show_bug.cgi?id=2055>.

--
You are receiving this mail because:
You are on the CC list for the bug.
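The valgrind message in this report comes from a comparison (`*(pcre_uint32 *)cnptr == 0`) whose operand was never written. The general pattern that produces that class of Memcheck finding is a terminator scan over a caller-supplied buffer that the producing call may not have filled, for instance because it reported failure. The following is an added illustration of that pattern in C, written for this page; it is not code from pcretest or from the PCRE library, and it does not claim to be the root cause of bug 2091. The producer `copy_units`, the buffer size `BUF_UNITS`, the subjects and the failure code -1 are all constructed stand-ins.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for a substring-copy API working on UTF-32 code
 * units: copies n units into dst and appends a zero terminator, or returns
 * -1 (constructed failure code) when the buffer cannot hold n + 1 units.
 * On failure dst is left untouched, i.e. its contents stay undefined. */
#define BUF_UNITS 16

static int copy_units(const uint32_t *src, size_t n,
                      uint32_t *dst, size_t dst_units)
{
    if (n + 1 > dst_units) return -1;      /* no room for the terminator */
    memcpy(dst, src, n * sizeof *dst);
    dst[n] = 0;
    return (int)n;
}

/* Unchecked length computation: walks to the zero terminator without
 * consulting the producer's return value or the buffer size.  If the copy
 * failed, every comparison reads memory that was never written, which is
 * exactly what Memcheck reports as "conditional jump or move depends on
 * uninitialised value(s)".  Only safe after a confirmed successful copy. */
static size_t length_unchecked(const uint32_t *buf)
{
    const uint32_t *p = buf;
    while (*p != 0) p++;
    return (size_t)(p - buf);
}

/* Checked variant: honours the producer's status and never reads past the
 * buffer's declared size, so no uninitialised or out-of-bounds read occurs
 * even if the copy failed or the terminator is missing. */
static int length_checked(int rc, const uint32_t *buf, size_t buf_units,
                          size_t *out)
{
    if (rc < 0) return rc;                 /* copy failed: contents undefined */
    size_t i = 0;
    while (i < buf_units && buf[i] != 0) i++;
    if (i == buf_units) return -2;         /* no terminator inside the buffer */
    *out = i;
    return 0;
}

/* Runs one constructed case: a subject of `units` copies of 'a' (like the
 * report's reproducer, but shorter) copied into an uninitialised scratch
 * buffer.  Returns the measured length on success, the negative status
 * otherwise. */
long case_result(size_t units)
{
    uint32_t subject[64];
    if (units > sizeof subject / sizeof subject[0]) return -3;
    for (size_t i = 0; i < units; i++) subject[i] = 'a';

    uint32_t buf[BUF_UNITS];               /* deliberately not initialised */
    int rc = copy_units(subject, units, buf, BUF_UNITS);

    size_t len = 0;
    int status = length_checked(rc, buf, BUF_UNITS, &len);
    return status < 0 ? status : (long)len;
}

int main(void)
{
    /* 15 units fit (15 + terminator = 16); 16 do not. */
    printf("15 units -> %ld\n", case_result(15));
    printf("16 units -> %ld\n", case_result(16));

    /* The unchecked scan is only used once the copy is known to have
     * succeeded, so this call reads initialised memory. */
    uint32_t buf[BUF_UNITS];
    uint32_t subject[5] = {'a', 'a', 'a', 'a', 'a'};
    if (copy_units(subject, 5, buf, BUF_UNITS) >= 0)
        printf("unchecked length after good copy -> %zu\n",
               length_unchecked(buf));
    return 0;
}
```

Running the checked path under valgrind for both the fitting and the overlong subject produces no Memcheck complaint, because the failed copy is rejected before any byte of the scratch buffer is compared; calling `length_unchecked` on the buffer after a failed copy would reproduce the same class of report as the one above.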