https://bugs.exim.org/show_bug.cgi?id=2051
Bug ID: 2051
Summary: two null pointer dereferences in pcre_exec.c
Product: PCRE
Version: N/A
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: p...@hermes.cam.ac.uk
Reporter: a...@gentoo.org
CC: pcre-dev@exim.org

Created attachment 992
  --> https://bugs.exim.org/attachment.cgi?id=992&action=edit
stacktrace

Hello,

I found two null pointer dereferences through fuzzing.

The ASan trace you will see in the attachment is the same as reported in bug 2044. Additionally you can see:

pcre-8.40/pcre_exec.c:1793:41: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
pcre-8.40/pcre_exec.c:1808:16: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
pcre-8.40/pcretest.c:5083:15: runtime error: member access within null pointer of type 'regmatch_t'

I don't know if it is simply a duplicate or not.

It was tested on version 8.40, compiled with clang-3.9.1.

Output, including the stack trace, is in the attachment.

Command to reproduce:
# pcretest -32 -d $FILE

Reproducer:
https://github.com/asarubbo/poc/blob/master/00203-pcre-nullptr-pcre_exec
(I know that it is preferable to attach the reproducer here, but this link won't expire in the future)

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
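The sanitizer output in the report names two defect classes: a NULL pointer handed to a <string.h> function whose parameters carry a nonnull attribute, and member access through a NULL regmatch_t pointer. The C below is an added example illustrating those two classes and the guards that avoid them; it is not code from PCRE, pcretest or the reporter. The function names, the ovector layout, and the assumption that the <string.h> function involved is memcpy are illustration-only assumptions, not facts established by the report.

```c
/* Added example; not PCRE, pcretest or reporter code. Names are hypothetical. */
#include <regex.h>   /* regmatch_t, regoff_t (POSIX) */
#include <stddef.h>
#include <string.h>

/* Copy `pairs` (start,end) offset pairs from a PCRE-style ovector
 * (start0,end0,start1,end1,...) into a POSIX regmatch_t array of `nmatch`
 * entries, the kind of copy-back that pcretest's POSIX path performs.
 * Returns the number of pairs written, or -1 on a contract violation.
 * The order of the checks matters: an empty request returns before either
 * pointer is examined, so a NULL pmatch with nmatch == 0 is never
 * dereferenced (the "member access within null pointer" class). */
int ovector_to_regmatch(const int *ovector, size_t pairs,
                        regmatch_t *pmatch, size_t nmatch)
{
    if (pairs == 0 || nmatch == 0)
        return 0;                       /* nothing to copy: touch no pointer */
    if (ovector == NULL || pmatch == NULL)
        return -1;                      /* caller broke the contract */
    if (pairs > nmatch)
        pairs = nmatch;                 /* never write past the caller's array */

    for (size_t i = 0; i < pairs; i++) {
        pmatch[i].rm_so = (regoff_t)ovector[2 * i];
        pmatch[i].rm_eo = (regoff_t)ovector[2 * i + 1];
    }
    /* Entries with no capture are marked unset (-1), as regexec does. */
    for (size_t i = pairs; i < nmatch; i++)
        pmatch[i].rm_so = pmatch[i].rm_eo = -1;
    return (int)pairs;
}

/* memcpy's parameters are declared nonnull, so memcpy(dst, NULL, 0) is
 * undefined behaviour even though it copies nothing; UBSan's
 * -fsanitize=nonnull-attribute reports exactly that ("null pointer passed as
 * argument N, which is declared to never be null"). This wrapper (assumed,
 * not a PCRE API) returns before memcpy is reached in both degenerate cases. */
void *checked_memcpy(void *dst, const void *src, size_t n)
{
    if (n == 0)
        return dst;                     /* zero-length copy: do not call memcpy */
    if (dst == NULL || src == NULL)
        return NULL;                    /* would have been a nonnull violation */
    return memcpy(dst, src, n);
}
```

Built with `clang -fsanitize=undefined`, a direct `memcpy(buf, NULL, 0)` trips the nonnull-attribute check at the call site, while `checked_memcpy(buf, NULL, 0)` does not, because the length test runs first; the same early return on `nmatch == 0` is what keeps `ovector_to_regmatch` from touching a NULL `pmatch`.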