Szerző: ph10 Dátum: Címzett: Giuseppe D'Angelo CC: pcre-dev, skunk Tárgy: Re: [pcre-dev] Serialization format versioning
On Mon, 25 Jun 2018, Giuseppe D'Angelo via Pcre-dev wrote:
> Not as a general way, but it's been a requested feature for
> QRegularExpression to be able to save/restore the bytecode. While I
> can tell the users to never restore from untrusted data, my question
> was about data saved from PCRE itself -- that is, if it's guaranteed
> to work in any case (this includes rejecting loading, important bit is
> not to crash), especially using a platform for saving and another
> platform for loading.
I don't think there's any guarantee of not crashing unless you can
guarantee the data is not corrupted. For example, it contains lengths of
patterns, and if these are overwritten, it might read past the end of
the data. There are sanity checks on the magic number, etc. and there
are some other checks within the code - for example if the purported
size of a pattern is less than the minimum.