http://bugs.exim.org/show_bug.cgi?id=1503

Zoltan Herczeg <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Zoltan Herczeg <[email protected]>  2014-07-11 14:50:41 ---

Hi,

this is a nice catch! It causes could_be_empty_branch() to recursively call itself forever (note: the function detects whether a bracket matches an empty string or not). This case probably needs an extra check.

A few comments though:

It is well known that PCRE can be made to exhaust the stack. There are stack limit checks for that in the code. Not this one though, because this is simply a bug.

I don't think you can exploit this in any other way than crashing the program. I know how buffer overflow works, and this doesn't seem to be that case, because could_be_empty_branch() never returns. So no matter how you put data on the stack (which you couldn't btw), it will never be executed. Instead the program will simply crash when the bottom of the stack is reached.
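The kind of "extra check" the comment mentions, as an added example that is neither from the comment nor PCRE's code: a toy could-be-empty analysis that tracks which groups are on the current call chain and stops when a reference leads back into one of them. It assumes the runaway recursion comes from group calls that form a cycle (the comment does not name the triggering pattern); `struct node`, `struct ctx`, `could_be_empty()` and `analyse_mutual()` are hypothetical names, and answering "could be empty" on a cycle is an assumed policy.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy pattern tree, constructed for this example (not PCRE's compiled form). */
enum kind { LIT, SEQ, STAR, REF };
struct node {
    enum kind kind;
    const struct node *a, *b;  /* SEQ: both children; STAR: a only */
    int group;                 /* REF: number of the group called */
};
#define MAX_GROUPS 4
struct ctx {
    const struct node *body[MAX_GROUPS]; /* body of each numbered group */
    bool active[MAX_GROUPS];             /* groups on the current call chain */
};

/* True if n can match the empty string. */
static bool could_be_empty(struct ctx *c, const struct node *n)
{
    bool r;
    switch (n->kind) {
    case LIT:  return false;
    case STAR: return true;
    case SEQ:  return could_be_empty(c, n->a) && could_be_empty(c, n->b);
    case REF:
        if (n->group < 0 || n->group >= MAX_GROUPS || !c->body[n->group])
            return false;
        /* The extra check: this group is already being analysed, so
           following the reference again would recurse without end.
           Assumed policy: answer "could be empty" and stop. */
        if (c->active[n->group])
            return true;
        c->active[n->group] = true;
        r = could_be_empty(c, c->body[n->group]);
        c->active[n->group] = false;
        return r;
    }
    return false;
}

/* Groups 1 and 2 call each other; tail (may be NULL) follows the call in group 1. */
static bool analyse_mutual(const struct node *tail)
{
    struct node call1 = { REF, NULL, NULL, 1 }, call2 = { REF, NULL, NULL, 2 };
    struct node seq = { SEQ, &call2, tail, 0 };
    struct ctx c = { { NULL, tail ? &seq : &call2, &call1 }, { false } };
    return could_be_empty(&c, &call1);
}
int main(void) { return analyse_mutual(NULL) ? 0 : 1; }
```

Without the `active` test, the first call in `analyse_mutual()` would bounce between groups 1 and 2 until the stack ran out, which is the crash-only failure the comment describes.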
