author ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> 2012-10-30 17:54:19 +0000
committer ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> 2012-10-30 17:54:19 +0000
commit 30c38b72f7c232b1b2fadd66f4da75e5117f91a3
tree 7d7731b92abcb7d1df0ecaa1db2a769670eb4db2
parent 3aae77a816a2cd697bf3f3e7b4c63545cce3ab9d
Documentation update.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1193 2f5784b3-3f2a-0410-8824-cb99058d5e15
-rw-r--r-- doc/pcre.3 34
1 files changed, 32 insertions, 2 deletions
diff --git a/doc/pcre.3 b/doc/pcre.3
index 6258e42..c95ee6c 100644
--- a/doc/pcre.3
+++ b/doc/pcre.3
@@ -1,4 +1,4 @@
-.TH PCRE 3 "29 October 2012" "PCRE 8.32"
+.TH PCRE 3 "30 October 2012" "PCRE 8.32"
.SH NAME
PCRE - Perl-compatible regular expressions
.SH INTRODUCTION
@@ -107,6 +107,36 @@ are exported when a shared library is built, and in these cases the
undocumented symbols are not exported.
.
.
+.SH "SECURITY CONSIDERATIONS"
+.rs
+.sp
+If you are using PCRE in a non-UTF application that permits users to supply
+arbitrary patterns for compilation, you should be aware of a feature that
+allows users to turn on UTF support from within a pattern, provided that PCRE
+was built with UTF support. For example, an 8-bit pattern that begins with
+"(*UTF8)" turns on UTF-8 mode. This causes both the pattern and any data
+against which it is matched to be checked for UTF-8 validity. If the data
+string is very long, such a check might use sufficiently many resources as to
+cause your application to lose performance.
+.P
+The best way of guarding against this possibility is to use the
+\fBpcre_fullinfo()\fP function to check the compiled pattern's options for UTF.
+.P
+If your application is one that supports UTF, be aware that validity checking
+can take time. If the same data string is to be matched many times, you can use
+the PCRE_NO_UTF[8|16|32]_CHECK option for the second and subsequent matches to
+save redundant checks.
+.P
+Another way that performance can be hit is by running a pattern that has a very
+large search tree against a string that will never match. Nested unlimited
+repeats in a pattern are a common example. PCRE provides some protection
+against this: see the PCRE_EXTRA_MATCH_LIMIT feature in the
+.\" HREF
+\fBpcreapi\fP
+.\"
+page.
+.
+.
.SH "USER DOCUMENTATION"
.rs
.sp
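Review bot: The second paragraph of the new SECURITY CONSIDERATIONS section says to use pcre_fullinfo() "to check the compiled pattern's options for UTF" but names neither the information request nor the option bit to test, and does not say what the application should do when the bit turns out to be set. Suggest spelling this out, for example: request PCRE_INFO_OPTIONS, test the returned options for PCRE_UTF8, and refuse the pattern if the bit is set and the application did not ask for UTF mode itself. The first paragraph's example, "(*UTF8)", covers only the 8-bit library, while the third paragraph already writes PCRE_NO_UTF[8|16|32]_CHECK; a sentence on whether the 16-bit and 32-bit libraries have an equivalent in-pattern switch would keep the two consistent. In the last paragraph PCRE_EXTRA_MATCH_LIMIT is called a "feature" with no description; a few words on what it limits would let a reader judge the protection without following the pcreapi reference.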
@@ -165,6 +195,6 @@ two digits 10, at the domain cam.ac.uk.
.rs
.sp
.nf
-Last updated: 29 October 2012
+Last updated: 30 October 2012
Copyright (c) 1997-2012 University of Cambridge.
.fi