https://bugs.exim.org/show_bug.cgi?id=2139

Philip Hazel <p...@hermes.cam.ac.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #3 from Philip Hazel <p...@hermes.cam.ac.uk> ---
I discovered that I have got "unrar" on my box, so I looked at your POC1 file.
This is a typical case of a pattern that is going to use a lot of resources
before it can conclude "no match". That is, there is a very large tree of
possibilities that it has to search. I tested this with the latest (rewritten)
code and it just ran for a long time. There are limits that you can apply to
catch these kinds of match. A "match limit" of 21000 or less stops the search
quickly. I do not think this is a bug.

It is advisable for testing by fuzzing to put default resource limits on
everything so that these kinds of false positives do not happen.
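
A simplified model of the behaviour described in the comment above, added here as an illustration; it is not PCRE code and not part of the bug report. It is a toy backtracking matcher (literals and `x*` only) with a call budget. The names `fullmatch_limited` and `MatchLimitExceeded`, the pattern and the subject are constructed, and the budget counts this toy's recursive calls, which is an assumption standing in for PCRE's own match limit accounting.

```python
class MatchLimitExceeded(Exception):
    """The search used more calls than the configured budget."""


def parse(pattern):
    # Split into (char, starred) tokens; supports only literals and 'x*'.
    tokens, i = [], 0
    while i < len(pattern):
        star = i + 1 < len(pattern) and pattern[i + 1] == "*"
        tokens.append((pattern[i], star))
        i += 2 if star else 1
    return tokens


def fullmatch_limited(pattern, subject, match_limit=None):
    """Return (matched, calls); raise MatchLimitExceeded past the budget."""
    tokens = parse(pattern)
    calls = 0

    def match(ti, si):
        nonlocal calls
        calls += 1
        if match_limit is not None and calls > match_limit:
            raise MatchLimitExceeded(calls)
        if ti == len(tokens):
            return si == len(subject)
        ch, star = tokens[ti]
        if not star:
            return si < len(subject) and subject[si] == ch and match(ti + 1, si + 1)
        end = si
        while end < len(subject) and subject[end] == ch:
            end += 1
        # Greedy first, then give characters back one at a time.
        return any(match(ti + 1, k) for k in range(end, si - 1, -1))

    return match(0, 0), calls


# Constructed input: five overlapping a* runs and a 'b' that never appears.
PATTERN, SUBJECT = "a*a*a*a*a*b", "a" * 20

if __name__ == "__main__":
    print(fullmatch_limited(PATTERN, SUBJECT))  # exhaustive search, no match
    try:
        fullmatch_limited(PATTERN, SUBJECT, match_limit=21000)
    except MatchLimitExceeded as exc:
        print("stopped after", exc.args[0], "calls")
```

A fuzzing harness built this way can record a limit hit as a bounded "no match" outcome and keep hangs for inputs that exceed a wall-clock timeout even with the limit applied.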
