Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1119356 - Wrong compilation of zero-repeated groups with recursive back reference can cause crash
Wrong compilation of zero-repeated groups with recursive back reference can c...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pcre (Show other bugs)
7.1
Unspecified Unspecified
unspecified Severity high
: rc
: ---
Assigned To: Petr Pisar
Jan Kepler
http://bugs.exim.org/show_bug.cgi?id=...
: Patch
Depends On:
Blocks: 1110700 1191021 CVE-2015-2327
  Show dependency treegraph
 
Reported: 2014-07-14 11:20 EDT by Petr Pisar
Modified: 2016-04-27 03:39 EDT (History)
5 users (show)

See Also:
Fixed In Version: pcre-8.32-15.el7
Doc Type: Bug Fix
Doc Text:
Compiling zero-repeated groups with recursive back references no longer causes PCRE to crash.
Story Points: ---
Clone Of: 1119272
Environment:
Last Closed: 2015-11-19 00:15:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Upstream patch ported to 8.32 (5.43 KB, patch)
2014-07-14 11:20 EDT, Petr Pisar 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2142 normal SHIPPED_LIVE pcre bug fix update 2015-11-19 03:16:47 EST

  None (edit)
Description Petr Pisar 2014-07-14 11:20:02 EDT 
+++ This bug was initially created as a clone of Bug #1119272 +++

There is a bug in pattern compiler than can lead to crash:

$ printf '%s\n%s\n' '/(((a\2)|(a*)\g<-1>))*a?/B' '' | pcretest 
PCRE version 8.33 2013-05-28

  re> Neoprávněný přístup do paměti (SIGSEGV)

It has been fixed by upstream with:

commit d35a6c663d37e072f4a5440f281f62aa6dc42418
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date:   Sat Jul 12 18:22:54 2014 +0000

    Fix compiler crash/misbehaviour for zero-repeated groups that include a
    recursive back reference.
    
    
    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1495 2f5784b3-3f2a-0410-8824-cb99058d5e15

--- Additional comment from Petr Pisar on 2014-07-14 13:44:50 GMT ---

All Fedoras are affected.
------

RHEL-7 is affected (pcre-8.32-12.el7.x86_64).
Comment 1 Petr Pisar 2014-07-14 11:20:56 EDT 
Created attachment 917899 [details]
Upstream patch ported to 8.32
Comment 9 errata-xmlrpc 2015-11-19 00:15:06 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2142.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.