diff options
author | Michael Santos <[email protected]> | 2010-02-10 15:19:48 -0500 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2010-02-11 08:10:27 +0100 |
commit | bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3 (patch) | |
tree | 6c51e88d2a9eef850cddafce82d80517971f568c /erts/info.src | |
parent | 64a697339414f424073c5b021285fddb0ff2d9da (diff) | |
download | otp-bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3.tar.gz otp-bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3.tar.bz2 otp-bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3.zip |
Fix CVE-2008-2371 (outer level option with alternatives caused crash).
The patch is from:
http://vcs.pcre.org/viewvc?revision=360&view=revision
Test case:
re:compile(<<"(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]">>, [unicode]).
An option change at the start of a pattern that had top-level
alternatives could cause overwriting and/or a crash.
This potential security problem was recorded as CVE-2008-2371.
Diffstat (limited to 'erts/info.src')
0 files changed, 0 insertions, 0 deletions