On Thu, Jan 20, 2022 at 3:53 PM William A Rowe Jr <wr...@rowe-clan.net> wrote:
>
> pcre1 is very dangerous, on stack. pcre2 is highly cautioned against using stack for
> its arrays, by its author. We should heed the advice.

My iterative changes make it possible to use PCRE1 on heap (at least for the vector we pass to pcre_exec) when the compiler supports TLS natively.

For the software I'm in charge of I also usually compile PCRE1 with --no-recurse-on-stack and override pcre[_stack]_{malloc,free}() to use TLS (and apr_pools), but it's not something applicable to upstream httpd because third-party modules possibly use PCRE each in their own way (like me..).

Not sure if I can do that with PCRE2 if it's always --no-recurse-on-stack, probably if pcre2_malloc/free are still override-able, but I didn't look into it yet (until then I'll keep using PCRE1..).

Cheers;
Yann.
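
The idea in the message above of keeping the vector passed to pcre_exec on the heap, one per thread, shown as an added example; it is not httpd's code or the poster's. The names `ovec_cache`, `ovector_get` and `ovector_release` are hypothetical, and the example assumes a compiler with native thread-local storage.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper names; this is not httpd's or PCRE's API. */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#define TLS_LOCAL _Thread_local
#else
#define TLS_LOCAL __thread   /* GCC/Clang extension (assumed available) */
#endif

struct ovec_cache {
    int   *vec;    /* heap buffer reused across matches on this thread */
    size_t nints;  /* current capacity, in ints */
};

static TLS_LOCAL struct ovec_cache tls_ovec;

/*
 * PCRE1's pcre_exec() takes an int vector whose size should be a multiple
 * of 3: 3 ints per (capture group + 1). Return a per-thread heap buffer of
 * at least that size instead of a large array on the caller's stack.
 * Returns NULL on overflow or allocation failure.
 */
int *ovector_get(size_t ncaptures, size_t *nints_out)
{
    size_t need;
    int *p;

    /* Refuse sizes whose byte count would wrap around. */
    if (ncaptures > SIZE_MAX / (3 * sizeof(int)) - 1)
        return NULL;
    need = (ncaptures + 1) * 3;

    if (need > tls_ovec.nints) {
        p = realloc(tls_ovec.vec, need * sizeof(int));
        if (p == NULL)
            return NULL;          /* the old buffer is still valid */
        tls_ovec.vec = p;
        tls_ovec.nints = need;
    }
    *nints_out = need;            /* value to pass as pcre_exec's ovecsize */
    return tls_ovec.vec;
}

/* Call before the thread exits so the cached buffer is not leaked. */
void ovector_release(void)
{
    free(tls_ovec.vec);
    tls_ovec.vec = NULL;
    tls_ovec.nints = 0;
}
```

The returned pointer and size go into the last two arguments of `pcre_exec()`; the buffer only grows, so a thread that once matched a pattern with many groups keeps that capacity until `ovector_release()` runs.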