On Sun, 26 Mar 2017, Salvatore Bonaccorso wrote:
> I tried to follow the status for CVE-2017-7245 (#858678), and it looks
> they fail still on "current" revision from upstream VCS.
>
> I'm on r1689 ("Fix DFA match handling of possessive repeated character
> class (Bugzilla 2086).") and compiling locally with ASAN:
>
> (basically only CFLAGS="-g -O0 -fsanitize=address"
> LDFLAGS="-fsanitize=address" and I'm explicitly calling configure with
> --enable-pcre32 --disable-shared to explicitly catch the issues):
>
> CVE-2017-7245:
>
> $ ./pcretest -32 -d ~/poc/00207-pcre-stackoverflow-pcre32_copy_substring

I'm afraid I cannot reproduce this bug from the data in your email. I
suspect some of the characters are getting mangled somehow on their way
through the mail system.

> (the reproducer files are from Agostino Sarubbo git repository).

Please remind me where this is so that I can try to get the failing
file.

Regards,
Philip
--
Philip Hazel