http://bugs.exim.org/show_bug.cgi?id=1546

Summary: Heap buffer overflow in pcregrep
Product: PCRE
Version: 8.36
Platform: x86-64
OS/Version: Linux
Status: NEW
Severity: security
Priority: medium
Component: Code
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]

echo "a" | /tmp/pcre-8.36/pcregrep "((?=(?(?=(?(?=(?(?=())))*))))){2}" -

=================================================================
==29857==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61000000fb94 at pc 0x7faf416f0dc6 bp 0x7fff9c91d3b0 sp 0x7fff9c91d3a8
READ of size 1 at 0x61000000fb94 thread T0
    #0 0x7faf416f0dc5 in match /tmp/pcre-8.36/pcre_exec.c:1410:9
    #1 0x7faf416dfe35 in match /tmp/pcre-8.36/pcre_exec.c:1538:7
    #2 0x7faf416e46de in match /tmp/pcre-8.36/pcre_exec.c:1399:7
    #3 0x7faf416dfe35 in match /tmp/pcre-8.36/pcre_exec.c:1538:7
    #4 0x7faf416ee260 in match /tmp/pcre-8.36/pcre_exec.c:983:9
    #5 0x7faf416dcd49 in pcre_exec /tmp/pcre-8.36/pcre_exec.c:6923:8
    #6 0x4a4580 in match_patterns /tmp/pcre-8.36/pcregrep.c:1449:10
    #7 0x4a13ca in pcregrep /tmp/pcre-8.36/pcregrep.c:1679:11
    #8 0x4a3624 in grep_or_recurse /tmp/pcre-8.36/pcregrep.c:2122:10
    #9 0x49efbf in main /tmp/pcre-8.36/pcregrep.c:3251:13
    #10 0x7faf405b7ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #11 0x4172a6 in _start (/tmp/pcre-8.36/.libs/lt-pcregrep+0x4172a6)

AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow /tmp/pcre-8.36/pcre_exec.c:1410 match
Shadow bytes around the buggy address:
  0x0c207fff9f20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9f30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9f40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c207fff9f70: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9fb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  ASan internal:         fe
==29857==ABORTING

Thanks,
Michele Spagnuolo
