[pcre-dev] [Bug 2463] New: Integer overflow parsing callout …

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2463] New: Integer overflow parsing callout numeric arg in pcre1
https://bugs.exim.org/show_bug.cgi?id=2463

            Bug ID: 2463
           Summary: Integer overflow parsing callout numeric arg in pcre1
           Product: PCRE
           Version: 8.43
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: bpfoley@???
                CC: pcre-dev@???


Created attachment 1229
--> https://bugs.exim.org/attachment.cgi?id=1229&action=edit
Check (?C<arg>) integer arg for overflow

Fix int overflow when parsing "?C<arg>" callout args.

This is probably harmless, because numerical args must be 0-255, so this
shouldn't break correct usage.

Found with Google's ClusterFuzz and ASAN.

--
You are receiving this mail because:
You are on the CC list for the bug.
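
An added example, not the attached patch and not PCRE's own code: one overflow-safe way to parse the decimal argument of a "(?C<arg>)" callout, checking the 0-255 limit while each digit is accumulated so the int cannot wrap however long the digit string is. The function name, return codes and sample inputs are assumptions made for this illustration.

```c
#include <stdio.h>

#define CALLOUT_MAX 255   /* the report states numeric args must be 0-255 */

/* Hypothetical helper (not a PCRE function). `p` points just past "(?C".
 * Returns the callout number 0..255 on success,
 *        -1 if the number exceeds CALLOUT_MAX,
 *        -2 if the digits are not followed by ')'.
 * In this example an empty argument is treated as 0.
 * If `end` is non-NULL it receives the position after the last digit. */
int parse_callout_number(const char *p, const char **end)
{
    int n = 0;
    int too_big = 0;

    while (*p >= '0' && *p <= '9') {
        if (!too_big) {
            /* n <= 255 on entry, so n * 10 + 9 is at most 2559: no wrap. */
            n = n * 10 + (*p - '0');
            if (n > CALLOUT_MAX)
                too_big = 1;   /* stop accumulating, keep consuming digits */
        }
        p++;
    }
    if (end)
        *end = p;
    if (*p != ')')
        return -2;
    return too_big ? -1 : n;
}

int main(void)
{
    /* Constructed inputs: the text that follows "(?C" in a pattern. */
    const char *samples[] = { ")", "7)", "255)", "256)",
                              "99999999999999999999)", "12x" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %d\n", samples[i],
               parse_callout_number(samples[i], NULL));
    return 0;
}
```

An unchecked `n = n * 10 + digit` loop followed by a single range test after the loop is the pattern that overflows on long digit strings; moving the range test inside the loop removes the signed overflow without changing which inputs are accepted.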