date:20210620

Re: [pcre-dev] Typo about (?^)

2021-06-20 Thread ND via Pcre-dev


On 2021-06-20 11:27, Philip Hazel wrote:

A little bit further up from what you quoted, the docs say this: "The two
"extended" options are not independent; unsetting either
one cancels the effects of both of them."  So (?-x) and (?-xx) are the
same, and unset both (?x) and (?xx).



I apologize for my carelessness.

--
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

[pcre-dev] [Bug 2776] pcre2_match.cin PCRE2 10.23 stack-overflow.

2021-06-20 Thread admin

https://bugs.exim.org/show_bug.cgi?id=2776

Philip Hazel  changed:

   What|Removed |Added

 Resolution|--- |INVALID
 Status|NEW |RESOLVED

--- Comment #1 from Philip Hazel  ---
10.23 is very old code (released in 2017). Since then, the way pcre2_match()
works has been rewritten so as not to use the stack for backtracking. The
current release is 10.37. Please try your test on the latest release.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

[pcre-dev] [Bug 2774] pcretest.c in PCRE 8.40 allows remote attackers to cause a denial of service (heap-based buffer overflow)

2021-06-20 Thread admin

https://bugs.exim.org/show_bug.cgi?id=2774

Philip Hazel  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WONTFIX

--- Comment #1 from Philip Hazel  ---
PCRE1 is at end-of-life. The final 8.45 release has recently happened.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

[pcre-dev] [Bug 2773] pcretest.c in PCRE 8.40 allows remote attackers to cause a denial of service (heap-based buffer overflow)

2021-06-20 Thread admin

https://bugs.exim.org/show_bug.cgi?id=2773

Philip Hazel  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WONTFIX

--- Comment #1 from Philip Hazel  ---
PCRE1 is at end-of-life. The final 8.45 release has recently happened.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

[pcre-dev] [Bug 2775] pcre_exec.c in PCRE 8.40 allows remote attackers to cause stack-overflow.

2021-06-20 Thread admin

https://bugs.exim.org/show_bug.cgi?id=2775

Philip Hazel  changed:

   What|Removed |Added

 Resolution|--- |WONTFIX
 Status|NEW |RESOLVED

--- Comment #1 from Philip Hazel  ---
PCRE1 is at end-of-life. The final 8.45 release has recently happened.

In any case, stack overflow in PCRE1 is a well-known issue that can be dealt
with by setting suitable limits.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

[pcre-dev] [Bug 2776] New: pcre2_match.cin PCRE2 10.23 stack-overflow.

2021-06-20 Thread admin

https://bugs.exim.org/show_bug.cgi?id=2776

Bug ID: 2776
   Summary: pcre2_match.cin PCRE2 10.23 stack-overflow.
   Product: PCRE
   Version: 10.23 (PCRE2)
  Hardware: x86-64
OS: Linux
Status: NEW
  Severity: bug
  Priority: medium
 Component: Code
  Assignee: philip.ha...@gmail.com
  Reporter: 670605...@qq.com
CC: pcre-dev@exim.org

==32276==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc062ae400 (pc
0x005f0982 bp 0x7ffc062bc4a0 sp 0x7ffc062ae400 T0)
#0 0x5f0981 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:578
#1 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#2 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#3 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#4 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#5 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#6 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#7 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#8 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#9 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#10 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#11 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#12 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#13 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#14 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#15 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#16 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#17 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#18 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#19 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#20 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#21 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#22 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#23 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#24 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#25 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#26 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#27 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#28 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#29 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#30 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#31 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#32 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#33 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#34 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#35 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#36 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#37 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#38 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#39 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#40 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#41 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#42 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#43 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#44 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#45 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#46 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#47 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#48 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#49 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#50 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#51 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#52 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#53 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#54 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#55 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#56 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#57 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#58 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#59 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#60 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#61 0x5f4302 in

[pcre-dev] [Bug 2777] New: pcre2_match.cin PCRE2 10.23 stack-overflow.

2021-06-20 Thread admin

https://bugs.exim.org/show_bug.cgi?id=2777

Bug ID: 2777
   Summary: pcre2_match.cin PCRE2 10.23 stack-overflow.
   Product: PCRE
   Version: 10.23 (PCRE2)
  Hardware: x86-64
OS: Linux
Status: NEW
  Severity: bug
  Priority: medium
 Component: Code
  Assignee: philip.ha...@gmail.com
  Reporter: 670605...@qq.com
CC: pcre-dev@exim.org

==32276==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc062ae400 (pc
0x005f0982 bp 0x7ffc062bc4a0 sp 0x7ffc062ae400 T0)
#0 0x5f0981 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:578
#1 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#2 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#3 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#4 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#5 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#6 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#7 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#8 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#9 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#10 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#11 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#12 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#13 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#14 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#15 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#16 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#17 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#18 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#19 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#20 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#21 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#22 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#23 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#24 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#25 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#26 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#27 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#28 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#29 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#30 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#31 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#32 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#33 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#34 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#35 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#36 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#37 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#38 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#39 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#40 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#41 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#42 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#43 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#44 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#45 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#46 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#47 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#48 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#49 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#50 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#51 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#52 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#53 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#54 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#55 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#56 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#57 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#58 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#59 0x5f4302 in match /pcre2-CVE-2017-8786/src/pcre2_match.c:1017:9
#60 0x6035fd in match /pcre2-CVE-2017-8786/src/pcre2_match.c:2128:7
#61 0x5f4302 in

[pcre-dev] [Bug 2775] New: pcre_exec.c in PCRE 8.40 allows remote attackers to cause stack-overflow.

2021-06-20 Thread admin

https://bugs.exim.org/show_bug.cgi?id=2775

Bug ID: 2775
   Summary: pcre_exec.c in PCRE 8.40 allows remote attackers to
cause stack-overflow.
   Product: PCRE
   Version: 8.40
  Hardware: x86-64
OS: Linux
Status: NEW
  Severity: bug
  Priority: medium
 Component: Code
  Assignee: philip.ha...@gmail.com
  Reporter: 670605...@qq.com
CC: pcre-dev@exim.org

==40049==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc02a50340 (pc
0x005bb01f bp 0x7ffc02a55b80 sp 0x7ffc02a50340 T0)
#0 0x5bb01e in match /pcre-CVE-2017-7186/pcre_exec.c:516
#1 0x5bdbaa in match /pcre-CVE-2017-7186/pcre_exec.c:879:7
#2 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#3 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#4 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#5 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#6 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#7 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#8 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#9 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#10 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#11 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#12 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#13 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#14 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#15 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#16 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#17 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#18 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#19 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#20 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#21 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#22 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#23 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#24 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#25 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#26 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#27 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#28 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#29 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#30 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#31 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#32 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#33 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#34 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#35 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#36 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#37 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#38 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#39 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#40 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#41 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#42 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#43 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#44 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#45 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#46 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#47 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#48 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#49 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#50 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#51 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#52 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#53 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#54 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#55 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#56 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#57 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#58 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#59 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#60 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#61 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#62 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#63 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#64 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#65 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#66 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#67 0x5bea31 in match /pcre-CVE-2017-7186/pcre_exec.c:935:7
#68 0x5bea31 in

[pcre-dev] [Bug 2773] New: pcretest.c in PCRE 8.40 allows remote attackers to cause a denial of service (heap-based buffer overflow)

2021-06-20 Thread admin

https://bugs.exim.org/show_bug.cgi?id=2773

Bug ID: 2773
   Summary: pcretest.c in PCRE 8.40 allows remote attackers to
cause a denial of service (heap-based buffer overflow)
   Product: PCRE
   Version: 8.40
  Hardware: x86-64
OS: Linux
Status: NEW
  Severity: bug
  Priority: medium
 Component: Code
  Assignee: philip.ha...@gmail.com
  Reporter: 670605...@qq.com
CC: pcre-dev@exim.org

==28550==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62d08400 at pc 0x0052a216 bp 0x7ffc5b356fa0 sp 0x7ffc5b356f98
READ of size 1 at 0x62d08400 thread T0
#0 0x52a215 in pchars /pcre/pcretest.c:2045:7
#1 0x52b18a in callout /pcre/pcretest.c:2272:9
#2 0x5b0dea in internal_dfa_exec /pcre/pcre_dfa_exec.c:3078:20
#3 0x58cb45 in pcre_dfa_exec /pcre/pcre_dfa_exec.c:3616:8
#4 0x5225f4 in main /pcre/pcretest.c:5205:9
#5 0x7f48c72d282f in __libc_start_main
/build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
#6 0x419c88 in _start (/pcre-/pcretest+0x419c88)

0x62d08400 is located 0 bytes to the right of 32768-byte region
[0x62d00400,0x62d08400)
allocated by thread T0 here:
#0 0x4d2718 in realloc
/fuzzer/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79
#1 0x51b809 in main /pcre/pcretest.c:4593:31
#2 0x7f48c72d282f in __libc_start_main
/build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: heap-buffer-overflow /pcre/pcretest.c:2045:7 in
pchars
Shadow bytes around the buggy address:
  0x0c5a7fff9030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a7fff9040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a7fff9050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a7fff9060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a7fff9070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c5a7fff9080:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff9090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff90a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff90b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff90c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff90d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:   fa
  Freed heap region:   fd
  Stack left redzone:  f1
  Stack mid redzone:   f2
  Stack right redzone: f3
  Stack after return:  f5
  Stack use after scope:   f8
  Global redzone:  f9
  Global init order:   f6
  Poisoned by user:f7
  Container overflow:  fc
  Array cookie:ac
  Intra object redzone:bb
  ASan internal:   fe
  Left alloca redzone: ca
  Right alloca redzone:cb
==28550==ABORTING

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

[pcre-dev] [Bug 2774] New: pcretest.c in PCRE 8.40 allows remote attackers to cause a denial of service (heap-based buffer overflow)

2021-06-20 Thread admin

https://bugs.exim.org/show_bug.cgi?id=2774

Bug ID: 2774
   Summary: pcretest.c in PCRE 8.40 allows remote attackers to
cause a denial of service (heap-based buffer overflow)
   Product: PCRE
   Version: 8.40
  Hardware: x86-64
OS: Linux
Status: NEW
  Severity: bug
  Priority: medium
 Component: Code
  Assignee: philip.ha...@gmail.com
  Reporter: 670605...@qq.com
CC: pcre-dev@exim.org

==28550==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62d08400 at pc 0x0052a216 bp 0x7ffc5b356fa0 sp 0x7ffc5b356f98
READ of size 1 at 0x62d08400 thread T0
#0 0x52a215 in pchars /pcre/pcretest.c:2045:7
#1 0x52b18a in callout /pcre/pcretest.c:2272:9
#2 0x5b0dea in internal_dfa_exec /pcre/pcre_dfa_exec.c:3078:20
#3 0x58cb45 in pcre_dfa_exec /pcre/pcre_dfa_exec.c:3616:8
#4 0x5225f4 in main /pcre/pcretest.c:5205:9
#5 0x7f48c72d282f in __libc_start_main
/build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
#6 0x419c88 in _start (/pcre-/pcretest+0x419c88)

0x62d08400 is located 0 bytes to the right of 32768-byte region
[0x62d00400,0x62d08400)
allocated by thread T0 here:
#0 0x4d2718 in realloc
/fuzzer/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79
#1 0x51b809 in main /pcre/pcretest.c:4593:31
#2 0x7f48c72d282f in __libc_start_main
/build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: heap-buffer-overflow /pcre/pcretest.c:2045:7 in
pchars
Shadow bytes around the buggy address:
  0x0c5a7fff9030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a7fff9040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a7fff9050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a7fff9060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a7fff9070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c5a7fff9080:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff9090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff90a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff90b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff90c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a7fff90d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:   fa
  Freed heap region:   fd
  Stack left redzone:  f1
  Stack mid redzone:   f2
  Stack right redzone: f3
  Stack after return:  f5
  Stack use after scope:   f8
  Global redzone:  f9
  Global init order:   f6
  Poisoned by user:f7
  Container overflow:  fc
  Array cookie:ac
  Intra object redzone:bb
  ASan internal:   fe
  Left alloca redzone: ca
  Right alloca redzone:cb
==28550==ABORTING

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

Re: [pcre-dev] Typo about (?^)

2021-06-20 Thread Philip Hazel via Pcre-dev

A little bit further up from what you quoted, the docs say this: "The two
"extended" options are not independent; unsetting either
one cancels the effects of both of them."  So (?-x) and (?-xx) are the
same, and unset both (?x) and (?xx).

Regards,
Philip

On Sat, 19 Jun 2021 at 16:57, ND via Pcre-dev  wrote:

> PCRE docs say:
>
> > If the first character following (? is a circumflex, it causes all of
> > the above options to be unset. > Thus, (?^) is equivalent to (?-imnsx).
>
>
> There is "xx" option. So may be docs have a typo?
>
> - "all of the above options"   ->   "all of the above options but xx"
> - or "(?^) is equivalent to (?-imnsx)"   ->   "(?^) is equivalent to
> (?-imnsxxx)"
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
>
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

Re: [pcre-dev] Typo about (?^)

[pcre-dev] [Bug 2776] pcre2_match.cin PCRE2 10.23 stack-overflow.

[pcre-dev] [Bug 2774] pcretest.c in PCRE 8.40 allows remote attackers to cause a denial of service (heap-based buffer overflow)

[pcre-dev] [Bug 2773] pcretest.c in PCRE 8.40 allows remote attackers to cause a denial of service (heap-based buffer overflow)

[pcre-dev] [Bug 2775] pcre_exec.c in PCRE 8.40 allows remote attackers to cause stack-overflow.

[pcre-dev] [Bug 2776] New: pcre2_match.cin PCRE2 10.23 stack-overflow.

[pcre-dev] [Bug 2777] New: pcre2_match.cin PCRE2 10.23 stack-overflow.

[pcre-dev] [Bug 2775] New: pcre_exec.c in PCRE 8.40 allows remote attackers to cause stack-overflow.

[pcre-dev] [Bug 2773] New: pcretest.c in PCRE 8.40 allows remote attackers to cause a denial of service (heap-based buffer overflow)

[pcre-dev] [Bug 2774] New: pcretest.c in PCRE 8.40 allows remote attackers to cause a denial of service (heap-based buffer overflow)

Re: [pcre-dev] Typo about (?^)

11 matches

Site Navigation

Mail list logo

Footer information