[Bug 1025670] Re: Segfault (.bss overflow) in PCRE

Tim Starling tstarling at wikimedia.org
Wed Jul 18 23:29:42 UTC 2012


I have confirmed it in Lucid and Precise. It's possible that it's fixed
already in Quantal. The message you quote is the expected response when
the bug has been fixed (or if the codepoint is more than 7 hexadecimal
digits).

Ubuntu's PHP packages link to libpcre3, and some PHP applications (for
example the one I work on) allow web users to specify PCRE regex
patterns. So it's a DoS vulnerability, and when used with Apache with a
threaded MPM, perhaps it could be used to leak private data from
unrelated web requests. If the patch is backported to Lucid and Precise,
then we'll be able to keep using PCRE from Ubuntu, and we won't have to
create our own packages.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pcre3 in Ubuntu.
https://bugs.launchpad.net/bugs/1025670

Title:
  Segfault (.bss overflow) in PCRE

Status in “pcre3” package in Ubuntu:
  Confirmed

Bug description:
  A bug in PCRE was fixed upstream. The issue is a segfault with a
  pattern like /\x{300000}/ui, e.g.

  pcregrep -ui '\x{300000}' < /dev/null

  There was no bounds checking on access to some UCD character tables,
  and insufficient bounds checking in \x character construction. The fix
  was included in a commit that did a lot of other things:

  http://vcs.pcre.org/viewvc?view=revision&revision=774

  but I have split out the relevant single-line fix for your
  convenience. Patch attached.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1025670/+subscriptions
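An added example, not part of the original message and not PCRE's code or the upstream fix: a stopgap input check for applications that pass user-supplied patterns to an unpatched libpcre3. It rejects any `\x{...}` escape above the Unicode maximum 0x10FFFF. The function name is hypothetical, and the check rests on the assumption that such escapes are the trigger, as in the reported `\x{300000}` pattern.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_UNICODE 0x10FFFFUL  /* highest valid Unicode code point */

/* Hypothetical helper: returns 1 if the pattern contains a \x{...} escape
 * whose value exceeds MAX_UNICODE, 0 otherwise. The caller is assumed to
 * reject the pattern on 1 before it reaches the regex library.
 * Conservative by design: text inside \Q...\E is scanned too, so a literal
 * "\x{300000}" quoted that way is also rejected. */
int pattern_has_out_of_range_hex(const char *pat)
{
    for (size_t i = 0; pat[i] != '\0'; i++) {
        if (pat[i] != '\\')
            continue;
        i++;                          /* character following the backslash */
        if (pat[i] == '\0')
            break;                    /* trailing backslash: library reports it */
        if (pat[i] != 'x' || pat[i + 1] != '{')
            continue;                 /* another escape, e.g. \\ or \d */

        unsigned long cp = 0;
        size_t j = i + 2;             /* first character after "x{" */
        while (isxdigit((unsigned char)pat[j])) {
            int c = tolower((unsigned char)pat[j]);
            cp = cp * 16 + (unsigned long)(isdigit(c) ? c - '0' : c - 'a' + 10);
            if (cp > MAX_UNICODE)
                return 1;             /* bail out early so cp cannot overflow */
            j++;
        }
        i = j - 1;                    /* resume scanning after the digits */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample patterns, written as C string literals. */
    const char *samples[] = { "\\x{300000}", "caf\\x{e9}", "\\\\x{300000}" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("%-14s -> %s\n", samples[k],
               pattern_has_out_of_range_hex(samples[k]) ? "reject" : "accept");
    return 0;
}
```

The third sample is accepted because the doubled backslash makes it a literal backslash followed by plain text, not a `\x{...}` escape.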



