https://bugs.exim.org/show_bug.cgi?id=2094
Bug ID: 2094
Summary: PCRE 8.40 with JIT mode enabled generates invalid
memory read warnings
Product: PCRE
Version: 8.40
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: datong@???
CC: pcre-dev@???
Thanks to Shuxin Yang (https://github.com/yangshuxin) and Yichun Zhang (https://github.com/agentzh) for helping identify this.
We have discovered a potential invalid memory read inside PCRE JIT-compiled code in
recent releases of PCRE. It appears that earlier versions such as PCRE 8.33 are not
affected.
To reproduce, first download this minimum reproducible example:
https://gist.github.com/dndx/45cdea90139cd031e8b604d7aad80614
$ ./configure --enable-jit --prefix=/home/datong/orinc/pcre-8.4-build --enable-valgrind
$ make -j4 && make install
$ cd /home/datong/orinc/pcre-8.4-build/lib
$ gcc -g test.c libpcre.a
$ valgrind ./a.out
==11428== Memcheck, a memory error detector
==11428== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==11428== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==11428== Command: ./a.out
==11428==
running: 8.40 2017-01-11
==11428== Invalid read of size 16
==11428== at 0x4C1307B: ???
==11428== by 0x4C2E08F: ???
==11428== by 0xFFEFF7D2F: ???
==11428== Address 0x4c2e090 is 0 bytes inside a block of size 2 alloc'd
==11428== at 0x4A06C50: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==11428== by 0x3E61E8B079: strdup (in /usr/lib64/libc-2.21.so)
==11428== by 0x400C2E: main (test.c:12)
==11428==
==11428==
==11428== HEAP SUMMARY:
==11428== in use at exit: 0 bytes in 0 blocks
==11428== total heap usage: 10 allocs, 10 frees, 8,634 bytes allocated
==11428==
==11428== All heap blocks were freed -- no leaks are possible
==11428==
==11428== For counts of detected and suppressed errors, rerun with: -v
==11428== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
This issue appears to be present on both the x86 and x86-64 architectures.
Please let me know if there is anything else I can do to help troubleshoot
this.