PCRE2 before 2017-03-10 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."

Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783
Upstream patch: https://vcs.pcre.org/pcre2?view=revision&revision=674
Created pcre2 tracking bugs for this issue:

Affects: epel-all [bug 1449630]
Affects: fedora-all [bug 1449631]
Are you sure this is the right commit? The r674 commit is from 2017-03-22. I also enabled the fuzzer support, but running ./pcre2test with the linked reproducer does not show any crashes or abortions.
(In reply to Petr Pisar from comment #2)
> Are you sure this is the right commit? The r674 commit is from 2017-03-22.

I see. It's about unreleased code. Ignore my question.