https://bugs.exim.org/show_bug.cgi?id=2047
--- Comment #5 from Philip Hazel <[email protected]> --- It is very easy to write patterns that have extremely large search trees, and these can consume a lot of time and/or stack in the current implementation of pcre2_match(). There are options (*LIMIT_MATCH) and (*LIMIT_RECURSION) that can be used to limit the amount of stack that is used. The limits can also be set from pcretest and from programs that call the library directly. This is all well documented. Fuzzers should always set these limits much lower than the defaults. See, for example, the file src/pcre2_fuzzsupport.c in PCRE2. Also, as I have said several times recently on the list, there will soon be a new implementation of pcre2_match() that uses heap storage rather than the stack. The same limits are available to control the amount of resource used. This should avoid stack overflows, but there will always be patterns that will take a lot of resources if you don't limit them. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
