touch-packages team mailing list archive

[Bug 1414639] [NEW] Non deterministic infinite loops in find_recursive, 1:8.31-2ubuntu2

 

Public bug reported:

Pcre library overflows in:

in (pcre_compile.c:2180:register int c = *code;) c is assigned to a value
in [0-255].

in (pcre_compile.c:2239:code += PRIV(OP_lengths)[c];) the array is
accessed via the value of c.

This array is initialized using define OP_LENGTHS in
(pcre_internal.h:1854) with 155 entries.

pcre_tables.c:59:const pcre_uint8 PRIV(OP_lengths)[] = { OP_LENGTHS };

Executing a test, matching a regular expression, sometimes it enters
an infinite loop, in find_recurse.

Due to return value of PRIV(OP_lengths)[c] == 0, having c outside the
size of the array.

I'll further add a simple application to reproduce.

Can anyone familiar with the pcre3 library clarify if this overflow is a real issue?
Thanks!

** Affects: pcre3 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcre3 in Ubuntu.
https://bugs.launchpad.net/bugs/1414639

Title:
  Non deterministic infinite loops in find_recursive, 1:8.31-2ubuntu2

Status in pcre3 package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1414639/+subscriptions
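
The pattern described in the report (an opcode byte used as an index into a shorter length table, and a zero length that keeps the scan from advancing), shown as a scanner that validates every step. This is an added example, not PCRE's code and not part of the original report; the opcode set, the table, the function name find_recurse_checked and the sample buffers are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical miniature opcode set; NOT PCRE's real opcode table. */
enum { OP_END, OP_CHAR, OP_RECURSE, OP_RESERVED, OP_TABLE_SIZE };

/* Bytes per instruction, opcode byte included; 0 = no fixed length. */
static const uint8_t op_lengths[OP_TABLE_SIZE] = { 1, 2, 3, 0 };

enum scan_status { SCAN_FOUND = 0, SCAN_NOT_FOUND = 1, SCAN_CORRUPT = -1 };

/* Find the first OP_RECURSE in code[0..len). On SCAN_FOUND, *offset is its
 * position. A byte outside the table, a zero length, or an instruction that
 * runs past the buffer ends the scan with SCAN_CORRUPT instead of reading
 * beyond the table or looping without progress. */
static enum scan_status find_recurse_checked(const uint8_t *code, size_t len,
                                             size_t *offset)
{
    size_t pos = 0;
    while (pos < len) {
        unsigned c = code[pos];
        if (c >= OP_TABLE_SIZE) return SCAN_CORRUPT;   /* index outside table */
        if (c == OP_END) return SCAN_NOT_FOUND;
        size_t step = op_lengths[c];
        if (step == 0 || step > len - pos) return SCAN_CORRUPT;
        if (c == OP_RECURSE) { *offset = pos; return SCAN_FOUND; }
        pos += step;                                   /* always advances >= 1 */
    }
    return SCAN_CORRUPT;                               /* no OP_END seen */
}

/* Constructed sample programs. */
static const uint8_t sample_ok[]     = { OP_CHAR, 'a', OP_RECURSE, 0, 0, OP_END };
static const uint8_t sample_none[]   = { OP_CHAR, 'a', OP_END };
static const uint8_t sample_bad_op[] = { OP_CHAR, 'a', 200, OP_END };
static const uint8_t sample_zero[]   = { OP_RESERVED, OP_END };
static const uint8_t sample_trunc[]  = { OP_CHAR, 'a', OP_RECURSE, 0 };

int main(void)
{
    size_t off = 0;
    printf("ok:     %d\n", find_recurse_checked(sample_ok, sizeof sample_ok, &off));
    printf("offset: %zu\n", off);
    printf("none:   %d\n", find_recurse_checked(sample_none, sizeof sample_none, &off));
    printf("bad op: %d\n", find_recurse_checked(sample_bad_op, sizeof sample_bad_op, &off));
    printf("zero:   %d\n", find_recurse_checked(sample_zero, sizeof sample_zero, &off));
    printf("trunc:  %d\n", find_recurse_checked(sample_trunc, sizeof sample_trunc, &off));
    return 0;
}
```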

