[pcre-dev] [Bug 2139] There is a stack-overflow in file pcr…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2139] There is a stack-overflow in file pcre2_match.c of libpcre2
https://bugs.exim.org/show_bug.cgi?id=2139

Philip Hazel <ph10@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED


--- Comment #3 from Philip Hazel <ph10@???> ---
I discovered that I have got "unrar" on my box, so I looked at your POC1 file.
This is a typical case of a pattern that is going to use a lot of resources
before it can conclude "no match". That is, there is a very large tree of
possibilities that it has to search. I tested this with the latest (rewritten)
code and it just ran for a long time. There are limits that you can apply to
catch these kinds of match. A "match limit" of 21000 or less stops the search
quickly. I do not think this is a bug.

It is advisable for testing by fuzzing to put default resource limits on
everything so that these kinds of false positives do not happen.

--
You are receiving this mail because:
You are on the CC list for the bug.
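
The match limit described in comment #3, modelled as an added example (not PCRE2 code and not part of the bug report): a toy backtracking matcher that counts every search step and gives up once a limit is exceeded. The matcher, the pattern, the subject and the names `run_match` and `ERR_MATCHLIMIT` are constructed for illustration, and the value 21000 is reused from the comment. In PCRE2 itself the limit is set with `pcre2_set_match_limit()` on a match context and an overrun is reported as `PCRE2_ERROR_MATCHLIMIT`.

```c
#include <stdio.h>

/* Toy backtracking matcher (literals, '.', and 'c*'), NOT PCRE2 code.
   Every recursive step is counted; exceeding the limit aborts the search,
   which models the idea behind a regex engine's match limit. */
enum { NOMATCH = 0, MATCH = 1, ERR_MATCHLIMIT = -1 };
typedef struct { unsigned long calls, limit; } match_ctx;   /* limit 0 = unlimited */

static const char PATTERN[] = "a*a*a*a*a*a*b";                   /* constructed */
static const char SUBJECT[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";  /* constructed, no 'b' */

static int match_here(const char *re, const char *s, match_ctx *ctx)
{
    ctx->calls++;
    if (ctx->limit != 0 && ctx->calls > ctx->limit) return ERR_MATCHLIMIT;
    if (re[0] == '\0') return MATCH;            /* pattern exhausted */
    if (re[1] == '*') {
        /* Greedy star: consume as much as possible, then back off one at a time. */
        const char *t = s;
        while (*t != '\0' && (re[0] == '.' || *t == re[0])) t++;
        for (;; t--) {
            int rc = match_here(re + 2, t, ctx);
            if (rc != NOMATCH) return rc;       /* a match or a limit error ends the search */
            if (t == s) return NOMATCH;         /* every split tried */
        }
    }
    if (*s != '\0' && (re[0] == '.' || re[0] == *s))
        return match_here(re + 1, s + 1, ctx);
    return NOMATCH;
}

/* Match re at the start of subject; report the number of steps through *calls. */
int run_match(const char *re, const char *subject, unsigned long limit, unsigned long *calls)
{
    match_ctx ctx = { 0, limit };
    int rc = match_here(re, subject, &ctx);
    if (calls) *calls = ctx.calls;
    return rc;
}

int main(void)
{
    unsigned long calls;
    int rc = run_match(PATTERN, SUBJECT, 0, &calls);
    printf("no limit:    rc=%d after %lu steps\n", rc, calls);
    rc = run_match(PATTERN, SUBJECT, 21000, &calls);
    printf("limit 21000: rc=%d after %lu steps\n", rc, calls);
    return 0;
}
```

A fuzzing harness that treats the limit return code as an ordinary "gave up" result, rather than letting the search run to a timeout, avoids reporting this kind of input as a crash or hang.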