Bug#397174: marked as done (apache2: logic error in source file "pcre.c")

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 5 Nov 2006 12:46:21 -0600
with message-id <20061105184621.GR18644@p12n.org>
and subject line Bug#397174: apache2: logic error in source file "pcre.c"
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: apache2: logic error in source file "pcre.c"
• From: Jochen Voss <voss@debian.org>
• Date: Sun, 05 Nov 2006 16:24:41 +0000
• Message-id: <[🔎] 20061105162441.16221.27325.reportbug@burmah.maths.warwick.ac.uk>

Package: apache2
Version: 2.2.3-3
Severity: normal

Hello,

recently I came across the following bit of code in the source file
apache2-2.2.3/srclib/pcre/pcre.c (function compile_branch, around line
3366):

        /* Condition to test for a numbered subpattern match. We know that
        if a digit follows ( then there will just be digits until ) because
        the syntax was checked in the first pass. */

        else if ((digitab[ptr[1]] && ctype_digit) != 0)
        ...

This is a programming error.  The test for digits works by taking the
bitwise (not logical) and between the corresponding entry in 'digitab'
and the mask 'ctype_digit'.  The if test should use '&' instead of
'&&'.

I did not check what the implications of this error are (false
positves could occur if 'ptr[1]' is a hex digit, but these might be
caught earlier in the syntax check?), but probably this should be
fixed anyway.

I hope this helps,
Jochen

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.1
Locale: LANG=en_GB.iso885915, LC_CTYPE=en_GB.iso885915 (charmap=ISO-8859-15)

--- End Message ---

--- Begin Message ---

• To: 397174-done@bugs.debian.org
• Subject: Re: Bug#397174: apache2: logic error in source file "pcre.c"
• From: Peter Samuelson <peter@p12n.org>
• Date: Sun, 5 Nov 2006 12:46:21 -0600
• Message-id: <20061105184621.GR18644@p12n.org>
• In-reply-to: <[🔎] 20061105162441.16221.27325.reportbug@burmah.maths.warwick.ac.uk>
• References: <[🔎] 20061105162441.16221.27325.reportbug@burmah.maths.warwick.ac.uk>

[Jochen Voss]
> recently I came across the following bit of code in the source file
> apache2-2.2.3/srclib/pcre/pcre.c (function compile_branch, around
> line 3366):

This code is a copy of the pcre3 library, bundled by upstream for
convenience.  Debian does not use it.  I checked the Debian pcre3
package, and this bug appears to have been fixed, so I'm closing it.

Attachment: signature.asc
Description: Digital signature

--- End Message ---