[pcre-dev] [Bug 2479] Heap buffer overflow vulnerability in …

Top Page
This message is part of the following thread:
M+++\the complete thread tree sorted by date
MMMMMadmin at <-
admin at ->
Delete this message
Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2479] Heap buffer overflow vulnerability in GETCHARINC() (pcre2_match.c)
https://bugs.exim.org/show_bug.cgi?id=2479

--- Comment #2 from Philip Hazel <ph10@???> ---
Your test file does not fail for me. I get a pile of error messages, ending
with
** Binary zero encountered in input
** pcre2test run abandoned

However, I see that \=no_utf_check occurs in several places in the file. I
suspect you are passing invalid UTF with this option set. If so, you can expect
crashes. This is documented. Turning off the UTF checking should only be done
if you know that the input is a valid UTF string.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Pcre-dev
Mailing List Info | Nearby Messages		<-[pcre-dev] [Bug 2469] Portability fix for secure_getenv usage[pcre-dev] [Bug 2484] Stack overflow in internal_dfa_match() (pcre2_dfa_match.c)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)