http://bugs.exim.org/show_bug.cgi?id=1187

--- Comment #15 from Philip Hazel <[email protected]> 2012-01-04 09:35:26 ---

On Wed, 4 Jan 2012, Christos Chatzaras wrote:

> --- Comment #14 from Christos Chatzaras <[email protected]> 2012-01-04 02:33:04 ---
> Please read the last post at
> https://www.vbulletin.com/forum/showthread.php/393530-VBulletin-4-1-0-and-PCRE-8-21-bug

We believe that we have identified the problem, and that it is fixed by this patch:

--- code/trunk/pcre_compile.c 2011/12/07 16:52:34 793 +++ code/trunk/pcre_compile.c 2011/12/18 10:03:38 807 @@ -1655,7 +1655,8 @@ case OP_ASSERTBACK: case OP_ASSERTBACK_NOT: do cc += GET(cc, 1); while (*cc == OP_ALT); - /* Fall through */ + cc += _pcre_OP_lengths[*cc]; + break;

This patch was already applied to the PCRE trunk (after 8.21) to fix a different report of the same bug. A failing pattern was provided in that report, so it was easy to figure out what was going on. This is the ChangeLog entry:

  2. Fixed a bug in fixed-length calculation for lookbehinds that would show up only in quite long subpatterns.

The patterns in that PHP function were presumably long enough to trigger the bug.

I have only been able to post this message because of a great amount of investigative work that was done by a PCRE user who has been communicating with me privately. (I must ask if it's ok to acknowledge his/her identity here.) This user did the hard work of constructing a full pattern from the PHP function and ran a lot of tests on it. Because the bug could cause a reference to uninitialized memory, the results could be random. With the above patch, no errors have arisen in a large number of tests.

Philip
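
Review bot: The added `cc += _pcre_OP_lengths[*cc]; break;` in the OP_ASSERTBACK / OP_ASSERTBACK_NOT case replaces the `/* Fall through */` comment without a comment of its own, so the code no longer records why this case must step over the opcode at `cc` and stop instead of continuing into the next case. A one-line comment stating which opcode `*cc` is expected to be once the `while (*cc == OP_ALT)` loop exits would make the lookup into `_pcre_OP_lengths` easier to check and maintain. Since the message says the bug showed up only in quite long subpatterns and could reference uninitialized memory, the failing pattern from the earlier report belongs in the test suite alongside this change.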
