https://bugs.exim.org/show_bug.cgi?id=2124
Bug ID: 2124
Summary: Regular expression causes endless? looping in pcre2_match_8
Product: PCRE
Version: 10.23 (PCRE2)
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: tony@???
CC: pcre-dev@???

We hit a problem with PCRE2 in combination with ClamAV. We reported this to
ClamAV first (https://bugzilla.clamav.net/show_bug.cgi?id=11831), but
apparently the issue is actually in PCRE2. The command from the ClamAV
developer was "I found it to be looping in the function pcre2_match_8()", but I
haven't tried to verify this myself.

The ClamAV debug output has this, which shows the expression that's causing the
problem:

    LibClamAV debug: cli_pcre_scanbuf: checking 0; running regex /[A-Za-z0-9]+\s*=\s*(\x22|\x27)\s*(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{6})\s*(\x22|\x27)\s+/
    LibClamAV debug: cli_pcre_scanbuf: triggered 0; running regex /[A-Za-z0-9]+\s*=\s*(\x22|\x27)\s*(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{6})\s*(\x22|\x27)\s+/ (global)

We can easily reproduce within ClamAV, but I'm not familiar enough with PCRE2
to know how I could try to reproduce outside of that. I'm happy to try to
produce and provide exact steps if you could maybe give me a starting point for
doing that?

Let me know if there's any more info that we can provide.