[pcre-dev] [Bug 2421] Array cross-border reading/global vari…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2421] Array cross-border reading/global variable coverage in PCRE Library
https://bugs.exim.org/show_bug.cgi?id=2421

--- Comment #3 from Daige <3556158925@???> ---
I found that pcre2test calls the function pcre2_jit_match with parameter
options=0, but PHP calls it with parameter options=PCRE2_NO_UTF_CHECK. Then I
modified the source code of PHP, set the "options" to constant 0, and recompiled
PHP, but it still crashes. So, even if I don't understand the internal
implementation of PCRE, I still think that this bug has nothing to do with the
"options" variable.

Next, I analyzed the execution flow of these two programs. The reason why PHP
generates crashes but pcre2test doesn't is that pcre2test checks the input data
in the process_data function (Line 8959 in pcre2test.c), but PHP sends the data
directly to the function pcre2_jit_match. If you comment out line 6833 of the
file pcre2test.c,
    if (isalnum(c))
      {
      fprintf(outfile, "** Unrecognized escape sequence \"\\%c\"\n", c);
      //return PR_OK;    //modify here
      }
    }
pcre2test will generate the same crashes as PHP.

