https://bugs.exim.org/show_bug.cgi?id=2075
Bug ID: 2075
Summary: A memory leak when deserialization detects invalid pattern
Product: PCRE
Version: 10.23 (PCRE2)
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: p...@hermes.cam.ac.uk
Reporter: ppi...@redhat.com
CC: pcre-dev@exim.org

Created attachment 1004
  --> https://bugs.exim.org/attachment.cgi?id=1004&action=edit
Fix

pcre2_serialize_decode() function allocates dst_re, copies serialized pattern
there, and checks pattern consistency like this:

  if (dst_re->magic_number != MAGIC_NUMBER ||
      dst_re->name_entry_size > MAX_NAME_SIZE + IMM2_SIZE + 1 ||
      dst_re->name_count > MAX_NAME_COUNT)
    return PCRE2_ERROR_BADSERIALIZEDDATA;

If an error is detected, it returns PCRE2_ERROR_BADSERIALIZEDDATA without
freeing the dst_re data structure. Attached patch fixes it.

PCRE 10.23 and SVN tip is affected.
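
The error path described in the report, as an added example that is not part of the original bug report or of PCRE2's code: a simplified C model of allocate, copy, validate, return. `toy_code`, the `TOY_*` constants, the tracking allocator and the `fix_leak` switch are hypothetical stand-ins, and freeing before the error return is an assumed form of the fix, since the attached patch is not shown on this page.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins: not PCRE2's real constants or struct layout. */
#define TOY_MAGIC 0x544F5921u
enum { TOY_MAX_NAME_SIZE = 32, TOY_IMM2_SIZE = 2, TOY_MAX_NAME_COUNT = 10000 };
enum { TOY_ERROR_BADDATA = -1, TOY_ERROR_NOMEMORY = -2, TOY_MAX_LIVE = 16 };
typedef struct { uint32_t magic_number; uint16_t name_entry_size, name_count; } toy_code;
/* Tracking allocator: every block not yet freed stays listed in live[]. */
static void *live[TOY_MAX_LIVE];
static int live_allocs = 0;
static void *toy_alloc(size_t n) {
    void *p = live_allocs < TOY_MAX_LIVE ? malloc(n) : NULL;
    if (p) live[live_allocs++] = p;
    return p;
}
static void toy_free(void *p) {
    for (int i = 0; i < live_allocs; i++)
        if (live[i] == p) { live[i] = live[--live_allocs]; free(p); return; }
}

static int toy_is_bad(const toy_code *re) {
    return re->magic_number != TOY_MAGIC
        || re->name_entry_size > TOY_MAX_NAME_SIZE + TOY_IMM2_SIZE + 1
        || re->name_count > TOY_MAX_NAME_COUNT;
}

/* fix_leak == 0 models the reported error path; fix_leak == 1 frees dst_re first. */
static int toy_decode(toy_code **out, const uint8_t *bytes, size_t len, int fix_leak) {
    if (len < sizeof(toy_code)) return TOY_ERROR_BADDATA;
    toy_code *dst_re = toy_alloc(sizeof *dst_re);
    if (dst_re == NULL) return TOY_ERROR_NOMEMORY;
    memcpy(dst_re, bytes, sizeof *dst_re);
    if (toy_is_bad(dst_re)) {
        if (fix_leak) toy_free(dst_re);  /* cleanup missing from the reported code */
        return TOY_ERROR_BADDATA;        /* otherwise the only pointer is lost here */
    }
    *out = dst_re;
    return 1;
}

/* Feed `rounds` (at most TOY_MAX_LIVE) corrupted inputs; return blocks left allocated. */
int leaked_after_bad_input(int rounds, int fix_leak) {
    toy_code bad = { 0xDEADBEEFu, 4, 1 }, *out = NULL;  /* constructed: wrong magic */
    int before = live_allocs;
    for (int i = 0; i < rounds; i++)
        (void)toy_decode(&out, (const uint8_t *)&bad, sizeof bad, fix_leak);
    return live_allocs - before;
}
```

Each rejected input leaves one block allocated on the unfixed path, so a caller that decodes untrusted serialized data in a loop grows without bound; with the cleanup in place the count stays flat.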