/[pcre]/code/trunk/ChangeLog
ViewVC logotype

Diff of /code/trunk/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 360 by ph10, Wed Jul 9 20:00:28 2008 UTC revision 366 by ph10, Mon Jul 14 15:45:32 2008 UTC
# Line 49  Version 8.0 02 Jul-08 Line 49  Version 8.0 02 Jul-08
49        printf "/(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]/8\n" | pcretest        printf "/(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]/8\n" | pcretest
50    
51      This potential security problem was recorded as CVE-2008-2371.      This potential security problem was recorded as CVE-2008-2371.
52    
53    12. For a pattern where the match had to start at the beginning or immediately
54        after a newline (e.g /.*anything/ without the DOTALL flag), pcre_exec() and
55        pcre_dfa_exec() could read past the end of the passed subject if there was
56        no match. To help with detecting such bugs (e.g. with valgrind), I modified
57        pcretest so that it places the subject at the end of its malloc-ed buffer.
58    
59    13. The change to pcretest in 12 above threw up a couple more cases when pcre_
60        exec() might read past the end of the data buffer in UTF-8 mode.
61    
62    14. A similar bug to 7.3/2 existed when the PCRE_FIRSTLINE option was set and
63        the data contained the byte 0x85 as part of a UTF-8 character within its
64        first line. This applied both to normal and DFA matching.
65    
66    15. Lazy qualifiers were not working in some cases in UTF-8 mode. For example,
67        /^[^d]*?$/8 failed to match "abc".
68    
69    
70  Version 7.7 07-May-08  Version 7.7 07-May-08

Legend:
Removed from v.360  
changed lines
  Added in v.366

  ViewVC Help
Powered by ViewVC 1.1.5