https://bugs.exim.org/show_bug.cgi?id=2440
Bug ID: 2440
Summary: Segfault when JIT eval under certain conditions
Product: PCRE
Version: 10.33 (PCRE2)
Hardware: x86
OS: Linux
Status: NEW
Severity: security
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: eet6646@???
CC: pcre-dev@???
Under certain conditions with the JIT compiler, the regex compiles, but during
eval, even though the subject length passed to pcre_match is 0, the subject
pointer still seems to be read. This only happens with certain regexes. See
attached source file, note the `#if` at the top to toggle the regex from
failing to passing.
`gcc -g -Wall main.c -lpcre2-8 -o demo && ./demo`
`[1] 571 segmentation fault (core dumped) ./demo`
Initial discovery while using the rust-pcre2 crate:
https://github.com/BurntSushi/rust-pcre2/issues/10