[pcre-dev] [Bug 2077] pcre2_serialize_decode() can read from invalid memory because it does not know bytes length

admin Tue, 21 Mar 2017 09:50:41 -0700

https://bugs.exim.org/show_bug.cgi?id=2077


Philip Hazel <p...@hermes.cam.ac.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #1 from Philip Hazel <p...@hermes.cam.ac.uk> ---
The pcre2serialize man page does already say this: "The facility for saving and
restoring compiled patterns is intended for use within individual applications.
As such, the data supplied to pcre2_serialize_decode() is expected to be
trusted data, not data from arbitrary external sources. There is only some
simple consistency checking, not complete validation of what is being
re-loaded."

I have added some more words about this particular issue. Thanks for the
report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

[pcre-dev] [Bug 2077] pcre2_serialize_decode() can read from invalid memory because it does not know bytes length

Reply via email to