Hi,

On Wed, 27 Jun 2018 at 19:50, <[email protected]> wrote:
> I don't think there's any guarantee of not crashing unless you can
> guarantee the data is not corrupted. For example, it contains lengths of
> patterns, and if these are overwritten, it might read past the end of
> the data. There are sanity checks on the magic number, etc. and there
> are some other checks within the code - for example if the purported
> size of a pattern is less than the minimum.

Thanks for the clarification. Yes, the end user of the API is fully responsible for the data integrity.

What's really important here is that it's always safe to tell PCRE to deserialize patterns from data obtained through the PCRE serialization functions, possibly coming from another OS / CPU / PCRE version. (If PCRE deserialization refuses to deserialize, that's safe as well and fine by me.)

If PCRE can't guarantee this, I can provide my own protection, of course; but it would be silly to duplicate checks which are already there.

Thanks,
--
Giuseppe D'Angelo

--
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
