[pcre-dev] [Bug 2479] Heap buffer overflow vulnerability in …

Top Page
This message is part of the following thread:
M+++\the complete thread tree sorted by date
MMMMMadmin at <-
admin at ->
Delete this message
Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2479] Heap buffer overflow vulnerability in GETCHARINC() (pcre2_match.c)
https://bugs.exim.org/show_bug.cgi?id=2479

--- Comment #4 from Zoltan Herczeg <hzmester@???> ---
You have multiple options. Please check one of them:

- Let pcre validate the input (can be slow if the input is large)
- You validate the input, and tell pcre that the input is valid
(\=no_utf_check)
- You can tell pcre that the input might be invalid. Here is an example:

re> /./match_invalid_utf
data> \x80\xff#
0: #

The last option has a performance overhead, but there are cases when it is
useful.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Pcre-dev
Mailing List Info | Nearby Messages		<-[pcre-dev] [Bug 2484] Stack overflow in internal_dfa_match() (pcre2_dfa_match.c)[pcre-dev] [Bug 2487] rspamd segfault with 10.34 (works with 10.32)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)