[pcre-dev] [Bug 2479] Heap buffer overflow vulnerability in …

Page principale
Ce message fait partie du fil suivant :
M+++\Arborescence complète du fil triée par date
MMMMMadmin à <-
admin à ->
Supprimer ce message
Auteur: admin
Date:  
À: pcre-dev
Sujet: [pcre-dev] [Bug 2479] Heap buffer overflow vulnerability in GETCHARINC() (pcre2_match.c)
https://bugs.exim.org/show_bug.cgi?id=2479

--- Comment #4 from Zoltan Herczeg <hzmester@???> ---
You have multiple options. Please check one of them:

- Let pcre validate the input (can be slow if the input is large)
- You validate the input, and tell pcre that the input is valid
(\=no_utf_check)
- You can tell pcre that the input might be invalid. Here is an example:

re> /./match_invalid_utf
data> \x80\xff#
0: #

The last option has a performance overhead, but there are cases when it is
useful.

--
You are receiving this mail because:
You are on the CC list for the bug.
Ce message a été envoyé sur les listes de diffusion suivantes :
Pcre-dev
Informations sur la liste de diffusion | Messages voisins		<-[pcre-dev] [Bug 2484] Stack overflow in internal_dfa_match() (pcre2_dfa_match.c)[pcre-dev] [Bug 2487] rspamd segfault with 10.34 (works with 10.32)->
Tahini and Hummus and Cumin Development Archives administré par cumin AdminsLurker (version 2.3)