[pcre-dev] [Bug 2463] New: Integer overflow parsing callout numeric arg in pcre1

admin Wed, 06 Nov 2019 16:22:52 -0800

https://bugs.exim.org/show_bug.cgi?id=2463


            Bug ID: 2463
           Summary: Integer overflow parsing callout numeric arg in pcre1
           Product: PCRE
           Version: 8.43
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
          Assignee: p...@hermes.cam.ac.uk
          Reporter: bpfo...@google.com
                CC: pcre-dev@exim.org

Created attachment 1229
  --> https://bugs.exim.org/attachment.cgi?id=1229&action=edit
Check (?C<arg>) integer arg for overflow

Fix int overflow when parsing "?C<arg>" callout args.

This is probably harmless, because numerical args must be 0-255, so this
shouldn't break correct usage.

Found with Google's ClusterFuzz and ASAN.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

[pcre-dev] [Bug 2463] New: Integer overflow parsing callout numeric arg in pcre1

Reply via email to