On Fri, 12 Dec 2014, Ralf Junker wrote:

> The pattern
>
> (?=ab\K)
>
> is documented that it may return a start of the match greater than the end of
> the match. This is true, for example, for the subject
>
> ab
>
> which yields 2 for start and 0 for end.
>
> Using pcre2_substring_length_bynumber() to determine the length of this
> pattern leads to a negative underflow and yields 4294967294 on 32-bit systems,
> 18446744073709551614 on 64-bit.
>
> All pcre2_substring_...() functions involving pattern length calculation seem
> affected by this underflow.
>
> In particular, pcre2_substring_get_...() allocate memory based on this
> incorrect computation, which can easily lead to out of memory situations.
Oh how embarrassing; that's another nasty bug you have found. If we ever meet, I clearly owe you lots of beer.

Philip

-- 
Philip Hazel

## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
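The underflow Ralf describes, modelled in C as an added example (not PCRE2's own code or its eventual fix): a stand-in offset vector holding the inverted (start=2, end=0) pair that `(?=ab\K)` produces on "ab", the unchecked `end - start` that wraps, and a checked variant that rejects inverted ranges before any length is used to size an allocation. The function names and the constructed ovector are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the PCRE2 offset vector: (start, end) pairs stored
   as unsigned size_t, like PCRE2_SIZE. For (?=ab\K) matched against "ab",
   group 0 is reported with start=2 and end=0, i.e. start > end. */
static const size_t constructed_ovector[2] = { 2, 0 };

/* The arithmetic from the bug report: unsigned end - start wraps when
   start > end. With {2, 0} this yields SIZE_MAX - 1, which is
   18446744073709551614 on a 64-bit build and 4294967294 on 32-bit. */
size_t unchecked_length(const size_t *ovector, int group) {
    return ovector[2 * group + 1] - ovector[2 * group];
}

/* Defensive variant (hypothetical, not PCRE2's API): refuse an inverted range
   before doing any arithmetic. Returns 0 on success, -1 if start > end. */
int checked_length(const size_t *ovector, int group, size_t *len) {
    size_t start = ovector[2 * group];
    size_t end = ovector[2 * group + 1];
    if (start > end) return -1;
    *len = end - start;
    return 0;
}

/* Copy-out modelled on the _get_ functions: the allocation is only sized
   after the length check succeeds, so a wrapped value can never reach malloc.
   Returns NULL (with *len = 0) for an inverted range or allocation failure. */
char *checked_get(const char *subject, const size_t *ovector, int group,
                  size_t *len) {
    if (checked_length(ovector, group, len) != 0) { *len = 0; return NULL; }
    char *out = malloc(*len + 1);
    if (out == NULL) { *len = 0; return NULL; }
    memcpy(out, subject + ovector[2 * group], *len);
    out[*len] = '\0';
    return out;
}
```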