[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
The Precise Pangolin has reached end of life, so this bug will not be fixed for that release ** Changed in: pcre3 (Ubuntu Precise) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
Trying to use the test changes linked to in comment 4 I'm still unable to get testoutput5 to pass. ** Changed in: pcre3 (Ubuntu Precise) Status: In Progress = Triaged ** Changed in: pcre3 (Ubuntu Precise) Assignee: Brian Murray (brian-murray) = (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
Ah, yes I had tested this on a Quantal system. I'll go ahead and get this uploaded to Precise. Would you also like to see it fixed in Lucid? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
** Also affects: pcre3 (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: pcre3 (Ubuntu Precise) Status: New = In Progress ** Changed in: pcre3 (Ubuntu Precise) Importance: Undecided = High ** Changed in: pcre3 (Ubuntu Precise) Assignee: (unassigned) = Brian Murray (brian-murray) ** Changed in: pcre3 (Ubuntu) Status: Confirmed = Fix Released ** Changed in: pcre3 (Ubuntu) Importance: Low = High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
This ended up failing to build: Test 5: API, internals, and non-Perl stuff for UTF-8 support --- ./testdata/testoutput5 2010-11-20 09:25:30.0 -0800 +++ testtry 2012-07-19 11:41:57.478566371 -0700 @@ -50,40 +50,22 @@ Need char = 128 /\x{100}/8DZ --- -Bra -\x{100} -Ket -End --- -Capturing subpattern count = 0 -Options: utf8 -First char = 249 -Need char = 128 +Failed: character value in \x{...} sequence is too large at offset 10 /\x{400}/8DZ --- -Bra -\x{400} -Ket -End --- -Capturing subpattern count = 0 -Options: utf8 -First char = 252 -Need char = 128 +Failed: number too big in {} quantifier at offset 10 /\x{7fff}/8DZ -- Bra -\x{7fff} +\x00{7fff} Ket End -- Capturing subpattern count = 0 Options: utf8 -First char = 253 -Need char = 191 +First char = 0 +Need char = '}' /[\x{ff}]/8DZ -- @@ -110,10 +92,9 @@ No need char /\x{}/8 -Failed: character value in \x{...} sequence is too large at offset 11 /\x{1}/8 -Failed: character value in \x{...} sequence is too large at offset 12 +Failed: number too big in {} quantifier at offset 12 /^\x{100}a\x{1234}/8 \x{100}a\x{1234}bcd FAIL: RunTest Testing pcregrep pcregrep version 8.12 2011-01-15 Testing pcregrep UTF-8 features Testing pcregrep newline settings PASS: RunGrepTest === 1 of 5 tests failed === make[2]: *** [check-TESTS] Error 1 make[2]: Leaving directory `/«PKGBUILDDIR»' make[1]: *** [check-am] Error 2 make[1]: Leaving directory `/«PKGBUILDDIR»' make: *** [build-stamp] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 Build finished at 20120719-1142 Finished E: Build failure (dpkg-buildpackage died) ┌──┐ │ Cleanup │ └──┘ Purging /«BUILDDIR» Not cleaning session: cloned chroot in use ┌──┐ │ Summary │ └──┘ Architecture: amd64 Build-Space: 15916 Build-Time: 114 Distribution: precise Fail-Stage: build Install-Time: 63 Job: pcre3_8.12-4ubuntu1.dsc Package: pcre3 Package-Time: 598 Source-Version: 8.12-4ubuntu1 Space: 15916 Status: attempted Version: 8.12-4ubuntu1 Finished at 20120719-1142 Build needed 00:09:58, 15916k disc space -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
I was unable to create a crash given the command that you provided. Instead I received an error message ...'character value in \x{...} sequence is too large'. I also don't see any crash reports about pcre3, so I think the best thing may just be to wait for the patch to come from upstream. Is there a particular reason we should patch pcre3 in Ubuntu to fix this? Thanks in advance. ** Changed in: pcre3 (Ubuntu) Importance: Undecided = Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
I have confirmed it in Lucid and Precise. It's possible that it's fixed already in Quantal. The message you quote is the expected response when the bug has been fixed (or if the codepoint is more than 7 hexadecimal digits). Ubuntu's PHP packages link to libpcre3, and some PHP applications (for example the one I work on) allow web users to specify PCRE regex patterns. So it's a DoS vulnerability, and when used with Apache with a threaded MPM, perhaps it could be used to leak private data from unrelated web requests. If the patch is backported to Lucid and Precise, then we'll be able to keep using PCRE from Ubuntu, we won't have to create our own packages. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
** Patch added: Limit unicode codepoint to U+10 https://bugs.launchpad.net/bugs/1025670/+attachment/3226061/+files/fix-large-char-segfault.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
The attachment Limit unicode codepoint to U+10 of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report. [This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: pcre3 (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025670] Re: Segfault (.bss overflow) in PCRE
Sorry, the correct revision is 781 not 774: http://vcs.pcre.org/viewvc?view=revisionrevision=781 http://vcs.pcre.org/viewvc/code/branches/pcre16/pcre_compile.c?r1=781r2=780pathrev=781#l996 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025670 Title: Segfault (.bss overflow) in PCRE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs