diff options
author | DongHun Kwak <dh0128.kwak@samsung.com> | 2017-09-04 18:05:54 +0900 |
---|---|---|
committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2017-11-06 11:14:25 +0900 |
commit | 4f0fc8f07d1deac8984ce825a76db6c6e92e7a7a (patch) | |
tree | d38443651289b822ee9b747c5826ca4efa198fa5 | |
parent | 1f3cd6093f2a0c20751f9ff98736dd9fe62f360a (diff) | |
download | pcre-4f0fc8f07d1deac8984ce825a76db6c6e92e7a7a.tar.gz pcre-4f0fc8f07d1deac8984ce825a76db6c6e92e7a7a.tar.bz2 pcre-4f0fc8f07d1deac8984ce825a76db6c6e92e7a7a.zip |
Security Patch [CVE-2017-9729]submit/tizen_base/20171106.060041accepted/tizen/base/20171110.163209
- https://nvd.nist.gov/vuln/detail/CVE-2017-11164
- https://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?revision=1683&view=markup
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c
allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression
[Model] All
[BinType] AP
[Customer] OPEN
[Issue#] N/A
[Request] N/A
[Occurrence Version] N/A
[Problem] Security patch
[Cause & Measure] Security patch
[Checking Method] N/A
[Team] Open Source Management and Setting Part
[Developer] dh0128.kwak
[Solution company] Samsung
[Change Type] N/A
Change-Id: I28e0eb8a830a8f483f7ebc80e7d8c9516ce8f38d
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
-rw-r--r-- | pcre_exec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pcre_exec.c b/pcre_exec.c index 24b23ca..1a9bdd5 100644 --- a/pcre_exec.c +++ b/pcre_exec.c @@ -669,7 +669,7 @@ if (ecode == NULL) return match((PCRE_PUCHAR)&rdepth, NULL, NULL, 0, NULL, NULL, 1); else { - int len = (char *)&rdepth - (char *)eptr; + int len = (int)((char *)&rdepth - (char *)eptr); return (len > 0)? -len : len; } } |