[pcre-dev] [Bug 2330] Content "n\xff=" can crash libpcre whe…

Top Page
Delete this message
Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2330] Content "n\xff=" can crash libpcre when an application is matching the pattern \s*=
https://bugs.exim.org/show_bug.cgi?id=2330

--- Comment #8 from Philip Hazel <ph10@???> ---
(In reply to Alex Murray from comment #6)
> So the issue then is in glib - my PoC reproduces what glib calls into pcre
> with - so glib needs to add validation that it is valid utf8 before calling
> into pcre then right?


Whatever calls PCRE (and I didn't realize that glib did) must EITHER validate
the strings it is passing OR not set PCRE_NO_UTF8_CHECK. That is the
specification of PCRE. (The option was created so that applications that know
they have valid strings can improve performance by bypassing the check. In
particular this applies to global searches, where the UTF-8 check can safely be
turned off for the second and subsequent searches of the same string.)

--
You are receiving this mail because:
You are on the CC list for the bug.