[pcre-dev] [Bug 2479] Heap buffer overflow vulnerability in …

Top Page

Reply to this message
Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2479] Heap buffer overflow vulnerability in GETCHARINC() (pcre2_match.c)
https://bugs.exim.org/show_bug.cgi?id=2479

--- Comment #4 from Zoltan Herczeg <hzmester@???> ---
You have multiple options. Please check one of them:

- Let pcre validate the input (can be slow if the input is large)
- You validate the input, and tell pcre that the input is valid
(\=no_utf_check)
- You can tell pcre that the input might be invalid. Here is an example:

re> /./match_invalid_utf
data> \x80\xff#

0: #

The last option has a performance overhead, but there are cases when it is
useful.

--
You are receiving this mail because:
You are on the CC list for the bug.