https://bugs.exim.org/show_bug.cgi?id=2520
Bug ID: 2520
Summary: Error in pcre2_substitute with PCRE2_SUBSTITUTE_MATCHED
Product: PCRE
Version: 10.34 (PCRE2)
Hardware: x86
OS: All
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: kkilger@???
CC: pcre-dev@???
There is a bug in "pcre2_substitute" when using the newly introduced flag
PCRE2_SUBSTITUTE_MATCHED. This is very bad when used together with
PCRE2_SUBSTITUTE_OVERFLOW_LENGTH but is also a problem in other cases.

When an error occurs (say, the buffer length is too short), in line 945 of
today's GitHub branch the following code occurs:

    if (match_data_created) pcre2_match_data_free(match_data);
      else match_data->rc = rc;

The problem is the second line, which destroys the match_data that the user
supplied from the outside.

This prevents calling the function a second time with the same match data,
which the user *always* wants when the output buffer length was too short. But
also in all other cases it seems very suspicious to change the user-supplied
match data if PCRE2_SUBSTITUTE_MATCHED is set.

I suggest removing that assignment if PCRE2_SUBSTITUTE_MATCHED is set.

Thanks,
Kilian.
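
Added example (not PCRE2 code and not from the reporter): a stand-alone C model of the retry pattern the report describes, where a substitute call reuses caller-supplied match data and reports the required length on overflow. The struct, function names, error constant and sample strings are hypothetical and constructed; clobber_on_error contrasts the reported assignment with the suggested behaviour.

```c
#include <stdio.h>
#include <string.h>
#define MODEL_ERR_NOMEMORY (-48)  /* constructed code for "output buffer too short" */

/* Hypothetical stand-in for caller-owned match data: rc > 0 means a match is stored. */
typedef struct { int rc; size_t start, end; } model_match_data;

/* Model of a substitute call that reuses an existing match (the MATCHED case)
   and reports the needed length on overflow (the OVERFLOW_LENGTH case).
   clobber_on_error = 1 models the reported behaviour, 0 the suggested fix. */
static int model_substitute(model_match_data *md, const char *subject,
                            const char *repl, char *out, size_t *outlen,
                            int clobber_on_error)
{
    if (md->rc <= 0) return md->rc;             /* no usable stored match */
    size_t slen = strlen(subject), rlen = strlen(repl);
    size_t need = md->start + rlen + (slen - md->end) + 1;
    if (need > *outlen) {
        *outlen = need;                          /* tell the caller what to allocate */
        if (clobber_on_error) md->rc = MODEL_ERR_NOMEMORY;  /* overwrite caller state */
        return MODEL_ERR_NOMEMORY;
    }
    memcpy(out, subject, md->start);
    memcpy(out + md->start, repl, rlen);
    memcpy(out + md->start + rlen, subject + md->end, slen - md->end + 1);
    *outlen = need - 1;                          /* length without the terminator */
    return 1;                                    /* one substitution made */
}

/* Caller pattern from the report: try a small buffer, then retry with the
   reported length and the same match data. Returns the second call's result. */
static int retry_with_same_match_data(int clobber_on_error, char *out, size_t outcap)
{
    model_match_data md = { 1, 6, 11 };          /* constructed: "world" in the subject */
    const char *subject = "hello world!", *repl = "PCRE2 users";
    char small[4];
    size_t len = sizeof small;
    int rc = model_substitute(&md, subject, repl, small, &len, clobber_on_error);
    if (rc != MODEL_ERR_NOMEMORY || len > outcap) return rc;
    return model_substitute(&md, subject, repl, out, &len, clobber_on_error);
}

int main(void)
{
    char out[64] = "";
    printf("clobbering: rc=%d\n", retry_with_same_match_data(1, out, sizeof out));
    printf("preserving: rc=%d\n", retry_with_same_match_data(0, out, sizeof out));
    return 0;
}
```

In the model, the retry fails when the error path writes into the caller's match data and succeeds when that data is left untouched.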