[pcre-dev] [Bug 2440] New: Segfault when JIT eval under cert…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2440] New: Segfault when JIT eval under certain conditions
https://bugs.exim.org/show_bug.cgi?id=2440

            Bug ID: 2440
           Summary: Segfault when JIT eval under certain conditions
           Product: PCRE
           Version: 10.33 (PCRE2)
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: security
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: eet6646@???
                CC: pcre-dev@???


Under certain conditions with the JIT compiler, the regex compiles, but during
eval, even though the subject length passed to pcre_match is 0, the subject
pointer still seems to be read. This only happens with certain regexes. See the
attached source file; note the `#if` at the top to toggle the regex from
failing to passing.

`gcc -g -Wall main.c -lpcre2-8 -o demo && ./demo`
`[1]    571 segmentation fault (core dumped)  ./demo`


Initial discovery while using the rust-pcre2 crate:
https://github.com/BurntSushi/rust-pcre2/issues/10
