https://bugs.exim.org/show_bug.cgi?id=2075
Bug ID: 2075
Summary: A memory leak when deserialization detects invalid
pattern
Product: PCRE
Version: 10.23 (PCRE2)
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: p...@hermes.cam.ac.uk
Reporter: ppi...@redhat.com
CC: pcre-dev@exim.org
Created attachment 1004
--> https://bugs.exim.org/attachment.cgi?id=1004&action=edit
Fix
pcre2_serialize_decode() function allocates dst_re, copies serialized pattern
there, and checks pattern consistency like this:
if (dst_re->magic_number != MAGIC_NUMBER ||
dst_re->name_entry_size > MAX_NAME_SIZE + IMM2_SIZE + 1 ||
dst_re->name_count > MAX_NAME_COUNT)
return PCRE2_ERROR_BADSERIALIZEDDATA;
If an error is detected, it returns PCRE2_ERROR_BADSERIALIZEDDATA without
freeing the dst_re data structure.
Attached patch fixes it.
PCRE 10.23 and SVN tip is affected.
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
