public inbox for glibc-bugs-regex@sourceware.org help / color / mirror / Atom feed
* [Bug regex/29642] New: `regcomp` with multiple adjacent plus sign would exhaust memory quickly @ 2022-10-02 7:10 linjy0410 at gmail dot com 2022-10-02 7:12 ` [Bug regex/29642] " linjy0410 at gmail dot com ` (2 more replies) 0 siblings, 3 replies; 4+ messages in thread From: linjy0410 at gmail dot com @ 2022-10-02 7:10 UTC (permalink / raw) To: glibc-bugs-regex https://sourceware.org/bugzilla/show_bug.cgi?id=29642 Bug ID: 29642 Summary: `regcomp` with multiple adjacent plus sign would exhaust memory quickly Product: glibc Version: unspecified Status: UNCONFIRMED Severity: normal Priority: P2 Component: regex Assignee: unassigned at sourceware dot org Reporter: linjy0410 at gmail dot com CC: drepper.fsp at gmail dot com Target Milestone: --- Hi! We found that in the latest pull, when `regcomp` with `REG_EXTENDED` is compiling pattern with multiple adjacent '+', like "1*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++", the memory would be exhausted very quickly. Because in `duplicate_tree` it exponentially calls `create_token_tree` which malloc all the memory, looks like it's easy to cause serious DOS. Checked the regex specification that said "multiple adjacent duplication symbols ( '+', '*', '?', and intervals) produces undefined results.", and seems like other regex implementation have handled this, maybe glibc needs to handle it too? -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug regex/29642] `regcomp` with multiple adjacent plus sign would exhaust memory quickly 2022-10-02 7:10 [Bug regex/29642] New: `regcomp` with multiple adjacent plus sign would exhaust memory quickly linjy0410 at gmail dot com @ 2022-10-02 7:12 ` linjy0410 at gmail dot com 2023-08-24 15:01 ` jwakely.gcc at gmail dot com 2023-08-24 15:05 ` jwakely.gcc at gmail dot com 2 siblings, 0 replies; 4+ messages in thread From: linjy0410 at gmail dot com @ 2022-10-02 7:12 UTC (permalink / raw) To: glibc-bugs-regex https://sourceware.org/bugzilla/show_bug.cgi?id=29642 --- Comment #1 from jy l <linjy0410 at gmail dot com> --- Created attachment 14373 --> https://sourceware.org/bugzilla/attachment.cgi?id=14373&action=edit regex DOS poc please be caution to run it since it might exhaust all the memory within few seconds -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug regex/29642] `regcomp` with multiple adjacent plus sign would exhaust memory quickly 2022-10-02 7:10 [Bug regex/29642] New: `regcomp` with multiple adjacent plus sign would exhaust memory quickly linjy0410 at gmail dot com 2022-10-02 7:12 ` [Bug regex/29642] " linjy0410 at gmail dot com @ 2023-08-24 15:01 ` jwakely.gcc at gmail dot com 2023-08-24 15:05 ` jwakely.gcc at gmail dot com 2 siblings, 0 replies; 4+ messages in thread From: jwakely.gcc at gmail dot com @ 2023-08-24 15:01 UTC (permalink / raw) To: glibc-bugs-regex https://sourceware.org/bugzilla/show_bug.cgi?id=29642 Jonathan Wakely <jwakely.gcc at gmail dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jwakely.gcc at gmail dot com --- Comment #2 from Jonathan Wakely <jwakely.gcc at gmail dot com> --- Looks like a dup of PR 28864 -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug regex/29642] `regcomp` with multiple adjacent plus sign would exhaust memory quickly 2022-10-02 7:10 [Bug regex/29642] New: `regcomp` with multiple adjacent plus sign would exhaust memory quickly linjy0410 at gmail dot com 2022-10-02 7:12 ` [Bug regex/29642] " linjy0410 at gmail dot com 2023-08-24 15:01 ` jwakely.gcc at gmail dot com @ 2023-08-24 15:05 ` jwakely.gcc at gmail dot com 2 siblings, 0 replies; 4+ messages in thread From: jwakely.gcc at gmail dot com @ 2023-08-24 15:05 UTC (permalink / raw) To: glibc-bugs-regex https://sourceware.org/bugzilla/show_bug.cgi?id=29642 --- Comment #3 from Jonathan Wakely <jwakely.gcc at gmail dot com> --- Which seems to be a dup of PR 20095 -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-08-24 15:05 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-10-02 7:10 [Bug regex/29642] New: `regcomp` with multiple adjacent plus sign would exhaust memory quickly linjy0410 at gmail dot com 2022-10-02 7:12 ` [Bug regex/29642] " linjy0410 at gmail dot com 2023-08-24 15:01 ` jwakely.gcc at gmail dot com 2023-08-24 15:05 ` jwakely.gcc at gmail dot com
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).