ERL-208: PCRE has a stack overflow bug

[OTP-Maintainer]

Original reporter: okeuday
Affected version: OTP-19.0
Fixed in version: OTP-20.0
Component: stdlib
Migrated from: https://bugs.erlang.org/browse/ERL-208

---

This is meant for tracking the information present in the closed pull requests below:
* https://github.com/erlang/otp/pull/1111
* https://github.com/erlang/otp/pull/1108
* https://github.com/erlang/otp/pull/1107

It may be advantageous to handle [ERL-207|https://bugs.erlang.org/browse/ERL-207] instead of this individual bug, in PCRE, due to it being an external dependency that is compiled into ERTS.  Since [ERL-207|https://bugs.erlang.org/browse/ERL-207] is likely to be a much more significant effort, it seems important to have this issue tracked separately, due to it being more difficult to schedule [ERL-207|https://bugs.erlang.org/browse/ERL-207].

[OTP-Maintainer]

lukas said:

A contribution following the guidelines explained in the referenced pull requests would be very welcome.

[OTP-Maintainer]

okeuday said:

The bug was assigned CVE-2016-10253

[OTP-Maintainer]

okeuday said:

A new pull request was created at [https://github.com/erlang/otp/pull/1384]

[OTP-Maintainer]

rickard said:

A pcre-8.40 upgrade will soon appear in the master branch.

[OTP-Maintainer]

rickard said:

Just merged the pcre-8.40 upgrade merge into master