Erlang's regular expressions vulnerable to heap overflow #1108
While I was crafting a concolic execution workload I discovered that Erlang's generation of compiled regular expressions is vulnerable to a modestly complex heap overflow. Regular expressions using malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the
While ERTS maintains numerous allocators with different internal structures, a single expression can "switch" on internal type information, generalized across the alignment of heap chunk headers; this permits internal pointer value leaks as well as more indirect control over the instruction pointer.