http://www.exim.org/bugzilla/show_bug.cgi?id=405
Summary: Logic error in pcre.c and pcre_compile.c
Product: Exim
Version: 4.63
Platform: All
URL: http://bugs.debian.org/397176
OS/Version: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Unfiled
AssignedTo: ph10@hermes.cam.ac.uk
ReportedBy: mh+exim-bugzilla@zugschlus.de
QAContact: exim-dev@exim.org
Hi,
this is Debian issue #397176, reported by Jochen Voss:
Hello,
recently I came across the following bit of code in the source file
exim4-4.63/src/pcre/pcre.c (function compile_branch, around line
3355):
/* Condition to test for a numbered subpattern match. We know that
if a digit follows ( then there will just be digits until ) because
the syntax was checked in the first pass. */
else if ((digitab[ptr[1]] && ctype_digit) != 0)
...
This is a programming error. The test for digits works by taking the
bitwise (not logical) and between the corresponding entry in 'digitab'
and the mask 'ctype_digit'. The if test should use '&' instead of
'&&'.
The code (including the bug) is duplicated in the file
"pcre_compile.c" around line 2822.
I did not check what the implications of this error are (false
positves only could occur if 'ptr[1]' is a hex digit and these might
be caught earlier in the syntax check?) but probably this should be
fixed anyway.
I hope this helps,
Jochen
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
--
## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Summary: Logic error in pcre.c and pcre_compile.c
Product: Exim
Version: 4.63
Platform: All
URL: http://bugs.debian.org/397176
OS/Version: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Unfiled
AssignedTo: ph10@hermes.cam.ac.uk
ReportedBy: mh+exim-bugzilla@zugschlus.de
QAContact: exim-dev@exim.org
Hi,
this is Debian issue #397176, reported by Jochen Voss:
Hello,
recently I came across the following bit of code in the source file
exim4-4.63/src/pcre/pcre.c (function compile_branch, around line
3355):
/* Condition to test for a numbered subpattern match. We know that
if a digit follows ( then there will just be digits until ) because
the syntax was checked in the first pass. */
else if ((digitab[ptr[1]] && ctype_digit) != 0)
...
This is a programming error. The test for digits works by taking the
bitwise (not logical) and between the corresponding entry in 'digitab'
and the mask 'ctype_digit'. The if test should use '&' instead of
'&&'.
The code (including the bug) is duplicated in the file
"pcre_compile.c" around line 2822.
I did not check what the implications of this error are (false
positves only could occur if 'ptr[1]' is a hex digit and these might
be caught earlier in the syntax check?) but probably this should be
fixed anyway.
I hope this helps,
Jochen
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
--
## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##