Bug 1119272 - Wrong compilation of zero-repeated groups with recursive back reference can cause crash
Summary: Wrong compilation of zero-repeated groups with recursive back reference can c...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pcre
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Petr Pisar
QA Contact: Fedora Extras Quality Assurance
URL: http://bugs.exim.org/show_bug.cgi?id=...
Whiteboard:
: 1285409 (view as bug list)
Depends On:
Blocks: CVE-2015-2327
TreeView+ depends on / blocked
 
Reported: 2014-07-14 12:00 UTC by Petr Pisar
Modified: 2016-11-08 16:05 UTC (History)
3 users (show)

Fixed In Version: pcre-8.32-10.fc19
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1119356 (view as bug list)
Environment:
Last Closed: 2014-07-19 06:02:27 UTC


Attachments (Terms of Use)

Description Petr Pisar 2014-07-14 12:00:53 UTC
There is a bug in pattern compiler than can lead to crash:

$ printf '%s\n%s\n' '/(((a\2)|(a*)\g<-1>))*a?/B' '' | pcretest 
PCRE version 8.33 2013-05-28

  re> Neoprávněný přístup do paměti (SIGSEGV)

It has been fixed by upstream with:

commit d35a6c663d37e072f4a5440f281f62aa6dc42418
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date:   Sat Jul 12 18:22:54 2014 +0000

    Fix compiler crash/misbehaviour for zero-repeated groups that include a
    recursive back reference.
    
    
    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1495 2f5784b3-3f2a-0410-8824-cb99058d5e15

Comment 1 Petr Pisar 2014-07-14 13:44:50 UTC
All Fedoras are affected.

Comment 2 Fedora Update System 2014-07-14 15:22:14 UTC
pcre-8.33-6.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/pcre-8.33-6.fc20

Comment 3 Fedora Update System 2014-07-14 15:28:08 UTC
pcre-8.32-10.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/pcre-8.32-10.fc19

Comment 4 Fedora Update System 2014-07-16 02:00:18 UTC
Package pcre-8.33-6.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pcre-8.33-6.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-8346/pcre-8.33-6.fc20
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2014-07-19 06:02:27 UTC
pcre-8.33-6.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2014-07-30 21:56:23 UTC
pcre-8.32-10.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Petr Pisar 2015-11-25 16:29:03 UTC
*** Bug 1285409 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.