https://bugs.exim.org/show_bug.cgi?id=2048
Bug ID: 2048
Summary: another infinite loop in pcre_exec.c
Product: PCRE
Version: 8.40
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: p...@hermes.cam.ac.uk
Reporter: a...@gentoo.org
CC: pcre-dev@exim.org
Created attachment 988
--> https://bugs.exim.org/attachment.cgi?id=988&action=edit
stacktrace
Hello,
I found an infinite loop through fuzzing.
IMPORTANT:
I don't know if it can be closed as a duplicate of 2047, the stacktrace seems
to point to a different line but they can have the same root cause.
It was tested on version 8.40, compiled with clang-3.9.1
Since pcre_exec.c is part of the library, you can consider this as a security
bug and change the severity.
Output, included stacktrace in attachment.
Command to reproduce:
# pcretest -16 -d $FILE
Reproducer:
https://github.com/asarubbo/poc/blob/master/00199-pcre-infiniteloop2
( I know that is preferable attach reproducer here, but this link won't expire
in the future )
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
