[pcre-dev] [Bug 2380] PCRE 8.43 and Undefined Behavior sanit…

Top Page

Reply to this message
Author: admin
Date:  
To: pcre-dev
Old-Topics: [pcre-dev] [Bug 2380] New: PCRE 8.43 and Undefined Behavior sanitizer findings
Subject: [pcre-dev] [Bug 2380] PCRE 8.43 and Undefined Behavior sanitizer findings
https://bugs.exim.org/show_bug.cgi?id=2380

Philip Hazel <ph10@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED


--- Comment #6 from Philip Hazel <ph10@???> ---
(In reply to Jeffrey Walton from comment #4)
>
> No problems. It is a public domain gift to the project with no license or
> terms. Use it how you like.


I have applied the patches that are needed to get rid of the sanitize messages,
not bothering with the short shifts in pcre_jit_compile, partly because that is
not my code (though I have a applied a couple that did generate output).
>
> The one change I was not sure about is this. You may need to fiddle with it:
>
> +++ pcretest.c
> @@ -4445,7 +4445,7 @@
>
>            if (extra != NULL)
>              {
> -            if (fwrite(extra->study_data, 1, true_study_size, f) <
> +            if (extra->study_data && fwrite(extra->study_data, 1,
> true_study_size, f) <
>                  true_study_size)


> This may be a better choice:
>
> + if (extra->study_data == NULL || fwrite(extra->study_data, 1,
> true_study_size, f) < true_study_size)


The "correct" fix (which I have applied) is this:

if (extra != NULL && (extra->flags & PCRE_EXTRA_STUDY_DATA) != 0)

There will be a new (and probably final) release of PCRE1 shortly.

--
You are receiving this mail because:
You are on the CC list for the bug.