It was discovered that spsecially crafted regular expressions involving codeprints greater than 255 could cause a buffer overflow in the PCRE library. The risk is LOW.
PCRE_GET_SUBSTRING_LIST(3) Library Functions Manual PCRE_GET_SUBSTRING_LIST(3)NAME
PCRE - Perl-compatible regular expressions
SYNOPSIS
#include <pcre.h>
int pcre_get_substring_list(const char *subject,
int *ovector, int stringcount, const char ***listptr);
int pcre16_get_substring_list(PCRE_SPTR16 subject,
int *ovector, int stringcount, PCRE_SPTR16 **listptr);
int pcre32_get_substring_list(PCRE_SPTR32 subject,
int *ovector, int stringcount, PCRE_SPTR32 **listptr);
DESCRIPTION
This is a convenience function for extracting a list of all the captured substrings. The arguments are:
subject Subject that has been successfully matched
ovector Offset vector that pcre[16|32]_exec used
stringcount Value returned by pcre[16|32]_exec
listptr Where to put a pointer to the list
The memory in which the substrings and the list are placed is obtained by calling pcre[16|32]_malloc(). The convenience function
pcre[16|32]_free_substring_list() can be used to free it when it is no longer needed. A pointer to a list of pointers is put in the vari-
able whose address is in listptr. The list is terminated by a NULL pointer. The yield of the function is zero on success or
PCRE_ERROR_NOMEMORY if sufficient memory could not be obtained.
There is a complete description of the PCRE native API in the pcreapi page and a description of the POSIX API in the pcreposix page.
PCRE 8.30 24 June 2012 PCRE_GET_SUBSTRING_LIST(3)