[pcre-dev] [Bug 1548] New: SIGSEGV at predictable addresses by adjusting the number of parentheses in a regex

Wed, 19 Nov 2014 01:45:05 -0800 

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1548
           Summary: SIGSEGV at predictable addresses by adjusting the number
                    of parentheses in a regex
           Product: PCRE
           Version: 8.36
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: security
          Priority: high
         Component: Code
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]


Target is compiled with ASAN, version 8.36.

$ pcregrep "(?(?=)?==)(((((((((?=)))))))))" /etc/passwd

==8224==ERROR: AddressSanitizer: SEGV on unknown address 0x60e000015ca6 (pc
0x000000550452 bp 0x7fff8037b1b0 sp 0x7fff80374320 T0)

Adding one ( ) :

$ pcregrep "(?(?=)?==)((((((((((?=))))))))))" /etc/passwd

==8429==ERROR: AddressSanitizer: SEGV on unknown address 0x60f000016c96 (pc
0x000000550452 bp 0x7fffa9643910 sp 0x7fffa963ca80 T0)

Adding (( )) again:

$ pcregrep "(?(?=)?==)((((((((((((?=))))))))))))" /etc/passwd
=================================================================
==16276==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61000000fc86 at pc 0x00000055044a bp 0x7fffe1658c70 sp 0x7fffe1658c68
READ of size 1 at 0x61000000fc86 thread T0
    #0 0x550449 in match
/usr/local/google/home/mikispag/Downloads/pcre-8.36/pcre_exec.c:1410:9
    #1 0x53ba23 in pcre_exec
/usr/local/google/home/mikispag/Downloads/pcre-8.36/pcre_exec.c:6923:8
    #2 0x4b947c in match_patterns
/usr/local/google/home/mikispag/Downloads/pcre-8.36/pcregrep.c:1449:10
    #3 0x4ac77d in pcregrep
/usr/local/google/home/mikispag/Downloads/pcre-8.36/pcregrep.c:1679:11
    #4 0x4b3661 in grep_or_recurse
/usr/local/google/home/mikispag/Downloads/pcre-8.36/pcregrep.c:2293:6
    #5 0x4a50dd in main
/usr/local/google/home/mikispag/Downloads/pcre-8.36/pcregrep.c:3251:13
    #6 0x7fec0c9e3ec4 in __libc_start_main
/build/buildd/eglibc-2.19/csu/libc-start.c:287
    #7 0x416ec6 in _start (/usr/bin/pcregrep+0x416ec6)

The addresses are the same for each execution.


-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

Reply via email to