Hello,

I'm working on fixing some GLIBC vulnerabilities and I have an issue
regarding
CVE-2015-8985 - Assertion failure in pop_fail_stack when executing a
malformed regexp

Although it seems to be fixed in glibc 2.28, I've encountered the following
issue testing on a Ubuntu 19.10 virtual machine with glibc 2.30-0ubuntu.2.1
the following program:

pop_fail_stack.c

#include <assert.h>
#include <regex.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    int rc;
    regex_t preg;
    regmatch_t pmatch[2];

    rc = regcomp(&preg, "()*)|\\1)*", REG_EXTENDED);
    assert(rc == 0);
    regexec(&preg, "", 2, pmatch, 0);
    regfree(&preg);
    return 0;
}

*pop_fail_stack: pop_fail_stack.c:12: main: Assertion `rc == 0' failed.*
*Aborted (core dumped)*

As describes the Debian bug
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392), the test
program compiles an invalid regexp and then tries to match a string
against it, triggers an assertion:

*pop_fail_stack: regexec.c:1401: pop_fail_stack: Assertion `num >= 0' failed.
Aborted*

So, in my scenario, the test program does not even successfully
compile the invalid regexp.

Did anyone encounter this issue?

Could you please help me with this?


Thank you,
Raluca

Reply via email to