[pcre-dev] [Bug 2520] New: Error in pcre2_substitute with P…

Author: admin
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 2520] New: Error in pcre2_substitute with PCRE2_SUBSTITUTE_MATCHED
https://bugs.exim.org/show_bug.cgi?id=2520

            Bug ID: 2520
           Summary: Error in pcre2_substitute with
                    PCRE2_SUBSTITUTE_MATCHED
           Product: PCRE
           Version: 10.34 (PCRE2)
          Hardware: x86
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: ph10@???
          Reporter: kkilger@???
                CC: pcre-dev@???


There is a bug in "pcre2_substitute" when using the newly introduced flag
PCRE2_SUBSTITUTE_MATCHED. This is very bad when used together with
PCRE2_SUBSTITUTE_OVERFLOW_LENGTH but is also a problem in other cases.

When an error occurs (say, the buffer length is too short) in line 945 of
today's GitHub branch the following code occurs:

if (match_data_created) pcre2_match_data_free(match_data);
else match_data->rc = rc;

The problem is the second line, which destroys the match_data, which the user
supplied from the outside.

This prevents calling the function a second time with the same match data,
which the user *always* wants, when the output buffer length was too short. But
also in all other cases it seems very suspicious to change the user supplied
match data if PCRE2_SUBSTITUTE_MATCHED is set.

I suggest removing that assignment if PCRE2_SUBSTITUTE_MATCHED is set.

Thanks,
Kilian.
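
The failure mode described in this report, as an added example that is not part of the original message and is not PCRE2 source: a simplified, self-contained C model in which all names (model_match_data, model_substitute, two_pass, ERR_NOMEMORY) are hypothetical. It assumes the substitute routine takes its first match result from the caller's match data when told to reuse an existing match; the subject string and offsets are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in model, NOT PCRE2 source. All names are hypothetical. */
#define ERR_NOMEMORY (-48)   /* stand-in "output buffer too small" code */

typedef struct { int rc; size_t start, end; } model_match_data;

/* Replace the already-matched span [start,end) of subject with repl.
   Reuses the caller's match (the role of PCRE2_SUBSTITUTE_MATCHED) and
   reports the needed length on overflow (the role of
   PCRE2_SUBSTITUTE_OVERFLOW_LENGTH). A non-zero clobber_on_error
   reproduces the cleanup assignment quoted in the report. */
static int model_substitute(const char *subject, model_match_data *md,
                            const char *repl, char *out, size_t *outlen,
                            int clobber_on_error)
{
    int rc = md->rc;                 /* assumption: stored result is reused */
    if (rc < 0) return rc;           /* stored "match" is an error code */
    size_t slen = strlen(subject), rlen = strlen(repl);
    size_t need = md->start + rlen + (slen - md->end) + 1;
    if (need > *outlen) {
        *outlen = need;              /* tell the caller what to allocate */
        rc = ERR_NOMEMORY;
        if (clobber_on_error) md->rc = rc;   /* overwrites caller's data */
        return rc;
    }
    memcpy(out, subject, md->start);
    memcpy(out + md->start, repl, rlen);
    memcpy(out + md->start + rlen, subject + md->end, slen - md->end + 1);
    *outlen = need - 1;
    return 1;                        /* one substitution made */
}

/* Two-pass caller: probe with a tiny buffer, then retry with the size
   the first call reported, reusing the same match data. */
int two_pass(int clobber_on_error, char *big, size_t bigcap)
{
    const char *subject = "host=web01;level=debug";  /* constructed sample */
    model_match_data md = { 1, 17, 22 };             /* match of "debug" */
    char tiny[4];
    size_t len = sizeof tiny;
    int rc = model_substitute(subject, &md, "info", tiny, &len, clobber_on_error);
    if (rc != ERR_NOMEMORY || len > bigcap) return rc;
    return model_substitute(subject, &md, "info", big, &len, clobber_on_error);
}
```

With the assignment skipped the retry succeeds and produces the substituted string; with it enabled the second call returns the stale error code because the caller's match data no longer holds the match result.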
