https://bugs.exim.org/show_bug.cgi?id=1779
Bug ID: 1779
Summary: Segfault in preg_match PHP 7.0.2 (stack corruption)
Product: PCRE
Version: 8.37
Hardware: x86-64
OS: Linux
Status: NEW
Severity: security
Priority: medium
Component: Code
Assignee: p...@hermes.cam.ac.uk
Reporter: cyo...@tripwire.com
CC: pcre-dev@exim.org

This pattern seems to be causing stack corruption when testing with php 7.0.2
preg_match() which uses PCRE 8.37:

/(?(199999999999999999)(()())())/

$ gdb php
[...]
(gdb) r -r 'preg_match("/(?(199999999999999999)(()())())/","abcdef",$match,PREG_OFFSET_CAPTURE);'
Starting program: /home/spotless/php-tip/php-src-php-7.0.2/sapi/cli/php -r 'preg_match("/(?(199999999999999999)(()())())/","abcdef",$match,PREG_OFFSET_CAPTURE);'

Program received signal SIGBUS, Bus error.
0x00007ffff7f66086 in ?? ()
(gdb) exploitable
/usr/share/gdb/python/gdb/command/exploitable_lib/exploitable.py:99: UserWarning: GDB v7.10 may not support required Python API
  warnings.warn("GDB v{} may not support required Python API".format(gdb_ver()))
Description: Possible stack corruption
Short description: PossibleStackCorruption (7/22)
Hash: 0c1178206c70e25a83bda38cae6b2cc0.0c1178206c70e25a83bda38cae6b2cc0
Exploitability Classification: EXPLOITABLE
Explanation: GDB generated an error while unwinding the stack and/or the stack contained return addresses that were not mapped in the inferior's process address space and/or the stack pointer is pointing to a location outside the default stack region. These conditions likely indicate stack corruption, which is generally considered exploitable.
Other tags: AccessViolation (21/22)
(gdb) bt
#0  0x00007ffff7f66086 in ?? ()
#1  0x0000000000000000 in ?? ()

--
List details at https://lists.exim.org/mailman/listinfo/pcre-dev
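The report above gives a reproducer and a gdb classification but does not state the root cause. The following is an added example, not code from the bug report and not PCRE's own code, illustrating the bug class that a pattern like /(?(199999999999999999)(()())())/ probes: the decimal group number after "(?(" comes straight from attacker-controlled pattern text, has 18 digits, and refers to a capture group the pattern never defines. It places a naive accumulator next to a checked reader that refuses overflow before it happens and rejects references to non-existent groups. Every function name, the MAX_GROUPS cap, the simplified group counter and the "sane" pattern variant are assumptions for this example; whether the actual PCRE 8.37 defect is exactly this is not confirmed by the report.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of the bug class behind a pattern such as
 * /(?(199999999999999999)(()())())/: the group number N in a conditional
 * "(?(N)" is read from the pattern itself. Not PCRE's code; all names here
 * are hypothetical. */

/* Naive accumulator: an 18-digit number silently wraps. unsigned is used so
 * the wraparound is defined behaviour (signed overflow would be UB). */
unsigned int naive_group_number(const char *digits)
{
    unsigned int n = 0;
    for (; *digits >= '0' && *digits <= '9'; digits++)
        n = n * 10 + (unsigned int)(*digits - '0');
    return n;
}

/* Assumed cap on group numbers for this example. */
#define MAX_GROUPS 65535

/* Checked reader: rejects overflow before it occurs and rejects references
 * to groups the pattern does not define.
 * Returns N on success, -1 on overflow past MAX_GROUPS, -2 when N is not a
 * valid existing group number. */
int checked_group_number(const char *digits, int groups_in_pattern)
{
    long n = 0;
    if (*digits < '0' || *digits > '9') return -2;
    for (; *digits >= '0' && *digits <= '9'; digits++) {
        int d = *digits - '0';
        if (n > (MAX_GROUPS - d) / 10) return -1; /* n*10+d would exceed cap */
        n = n * 10 + d;
    }
    if (n == 0 || n > groups_in_pattern) return -2;
    return (int)n;
}

/* Simplified capture-group counter: every "(" not followed by "?" opens a
 * capture group, and the "(" that opens a "(?(" condition is skipped. It
 * ignores character classes and named groups, which is enough for the
 * reported pattern. */
int count_capture_groups(const char *p)
{
    int count = 0;
    for (; *p; p++) {
        if (*p == '\\' && p[1]) { p++; continue; } /* skip escaped char */
        if (*p != '(') continue;
        if (p[1] == '?') {
            if (p[2] == '(') p += 2; /* conditional: skip the condition "(" */
            continue;
        }
        count++;
    }
    return count;
}

/* Validate the first "(?(N)" reference of a pattern against its group count.
 * Returns 0 when the pattern has no such conditional, otherwise the result
 * of checked_group_number(). */
int validate_conditional_reference(const char *pattern)
{
    const char *c = strstr(pattern, "(?(");
    if (c == NULL) return 0;
    return checked_group_number(c + 3, count_capture_groups(pattern));
}

int main(void)
{
    const char *bad = "(?(199999999999999999)(()())())"; /* pattern from the report */
    const char *ok  = "(?(2)(()())())";                  /* constructed sane variant */

    printf("naive read of 199999999999999999 -> %u (wrapped)\n",
           naive_group_number("199999999999999999"));
    printf("capture groups in reported pattern: %d\n", count_capture_groups(bad));
    printf("validate reported pattern: %d (-1 = overflow)\n",
           validate_conditional_reference(bad));
    printf("validate sane pattern:     %d (group number accepted)\n",
           validate_conditional_reference(ok));
    return 0;
}
```

The point of the checked reader is that the bound is tested before the multiply, so the accumulator never holds an out-of-range value, and the result is compared against what the pattern actually defines rather than trusted as an index into group storage.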