Non deterministic infinite loops in find_recursive, 1:8.31-2ubuntu2

Bug #1414639 reported by Mario Costa
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
pcre3 (Ubuntu) | New | Undecided | Unassigned |

Bug Description

PCRE library overflows in:

In (pcre_compile.c:2180:register int c = *code;), c is assigned a value in [0-255].

In (pcre_compile.c:2239:code += PRIV(OP_lengths)[c];), the array is accessed via the value of c.

This array is initialized using define OP_LENGTHS in (pcre_internal.h:1854) with 155 entries.

pcre_tables.c:59:const pcre_uint8 PRIV(OP_lengths)[] = { OP_LENGTHS };

When executing a test that matches a regular expression, it sometimes enters an infinite loop in find_recurse.

This is due to the return value of PRIV(OP_lengths)[c] == 0, with c outside the size of the array.

I'll further add a simple application to reproduce.

Can anyone familiar with the pcre3 library clarify whether this overflow is a real issue?
Thanks!
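
A bounds-checked form of the opcode-table walk the report describes, as an added example that is not PCRE's code or the reporter's. The four-entry table, the opcode values, the sample byte strings and the name find_recurse_checked are constructed stand-ins for the 155-entry OP_lengths table and find_recurse.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy opcode set: 4 entries stand in for the 155 in the report. */
enum { OP_END, OP_CHAR, OP_RECURSE, OP_BRA, OP_TABLE_LEN };
static const uint8_t op_lengths[OP_TABLE_LEN] = { 1, 2, 3, 3 };

enum walk_status { WALK_FOUND, WALK_NOT_FOUND, WALK_BAD_OPCODE, WALK_TRUNCATED };

/* Constructed sample bytecode (not produced by PCRE). */
static const uint8_t sample_ok[]  = { OP_CHAR, 'a', OP_BRA, 0, 0, OP_RECURSE, 0, 0, OP_END };
static const uint8_t sample_bad[] = { OP_CHAR, 'a', 200, OP_RECURSE, 0, 0, OP_END };
static const uint8_t sample_cut[] = { OP_BRA, 0 };

/* Hypothetical checked scan: find the first OP_RECURSE, validating every
   table lookup so a stray byte can neither index past the table nor
   produce a zero step that keeps the loop on the same position. */
static enum walk_status find_recurse_checked(const uint8_t *code, size_t len,
                                             size_t *offset)
{
    size_t pos = 0;
    while (pos < len) {
        unsigned c = code[pos];                  /* any byte value, 0..255 */
        if (c >= OP_TABLE_LEN) return WALK_BAD_OPCODE;  /* outside the table */
        size_t step = op_lengths[c];
        if (step == 0) return WALK_BAD_OPCODE;   /* would never advance */
        if (step > len - pos) return WALK_TRUNCATED;    /* operands cut off */
        if (c == OP_END) return WALK_NOT_FOUND;
        if (c == OP_RECURSE) { *offset = pos; return WALK_FOUND; }
        pos += step;
    }
    return WALK_TRUNCATED;                       /* no OP_END before the end */
}

int main(void)
{
    size_t off = 0;
    int ok = (int)find_recurse_checked(sample_ok, sizeof sample_ok, &off);
    printf("ok:  status=%d offset=%zu\n", ok, off);
    printf("bad: status=%d\n",
           (int)find_recurse_checked(sample_bad, sizeof sample_bad, &off));
    printf("cut: status=%d\n",
           (int)find_recurse_checked(sample_cut, sizeof sample_cut, &off));
    return 0;
}
```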
