Ubuntu
gvfs package

  1. Bug #1798725
  2. Comment #0

Comment 0 for bug 1798725

Revision history for this message
Alex Murray (alexmurray) wrote : Content "n\xff=" can crash libpcre when an application is matching the pattern \s*=

Reported upstream at https://bugs.exim.org/show_bug.cgi?id=2330 - libpcre3 can be made to crash when matching the pattern \s*= when the context is n\xff=

Able to reproduce on current Bionic using the PoC attached (which is copied directly from the upstream bug report) - in a fresh Bionic VM:

$ sudo apt install build-essential libgtk2.0-dev
$ cd PCRE_PoC
$ ./compilePoC.sh
$ ./PoC
Content:
-------------------
n�=
-------------------
Pattern:
-------------------
\s*=
---------------------
Segmentation fault (core dumped)

Haven't yet tested the second PoC via an external disk autorun.inf and gvfs-udisks2-volume-monitor.

Also haven't tested in Cosmic / older releases