diff options
| author | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-12-05 16:58:46 +0000 |
|---|---|---|
| committer | ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> | 2015-12-05 16:58:46 +0000 |
| commit | 40363ebc19baeab160abaaa55dc84322a89ac35a (patch) | |
| tree | ab7b019b45ec6cd4c42c5d390b44f349bb309f64 /ChangeLog | |
| parent | db1fb68feddc9afe6f8822d099fa9ff25e3ea8e7 (diff) | |
| download | pcre-40363ebc19baeab160abaaa55dc84322a89ac35a.tar.gz | |
Fix (by hacking) another length computation issue.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1619 2f5784b3-3f2a-0410-8824-cb99058d5e15
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -35,6 +35,11 @@ Version 8.39 xx-xxxxxx-201x 8. An call of pcre_copy_named_substring() for a named substring whose number was greater than the space in the ovector could cause a crash. + +9. Yet another buffer overflow bug involved duplicate named groups with a + group that reset capture numbers (compare 8.38/7 below). Once again, I have + just allowed for more memory, even if not needed. (A proper fix is + implemented in PCRE2, but it involves a lot of refactoring.) Version 8.38 23-November-2015 @@ -42,7 +47,7 @@ Version 8.38 23-November-2015 1. If a group that contained a recursive back reference also contained a forward reference subroutine call followed by a non-forward-reference - subroutine call, for example /.((?2)(?R)\1)()/, pcre2_compile() failed to + subroutine call, for example /.((?2)(?R)\1)()/, pcre_compile() failed to compile correct code, leading to undefined behaviour or an internally detected error. This bug was discovered by the LLVM fuzzer. |