Hello, I'm working on fixing some GLIBC vulnerabilities and I have an issue regarding CVE-2015-8985 - Assertion failure in pop_fail_stack when executing a malformed regexp
Although it seems to be fixed in glibc 2.28, I've encountered the following issue when testing the following program on an Ubuntu 19.10 virtual machine with glibc 2.30-0ubuntu.2.1:

pop_fail_stack.c

    #include <assert.h>
    #include <regex.h>
    #include <stdio.h>

    int main(int argc, char **argv)
    {
        int rc;
        regex_t preg;
        regmatch_t pmatch[2];

        rc = regcomp(&preg, "()*)|\\1)*", REG_EXTENDED);  /* compile the invalid regexp */
        assert(rc == 0);                                   /* expects compilation to succeed */
        regexec(&preg, "", 2, pmatch, 0);                  /* match the empty string against it */
        regfree(&preg);
        return 0;
    }

*pop_fail_stack: pop_fail_stack.c:12: main: Assertion `rc == 0' failed.*
*Aborted (core dumped)*

As the Debian bug (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392) describes, the test program compiles an invalid regexp and then tries to match a string against it, which triggers an assertion:

*pop_fail_stack: regexec.c:1401: pop_fail_stack: Assertion `num >= 0' failed.
Aborted*

So, in my scenario, the test program does not even successfully compile the invalid regexp.

Did anyone encounter this issue? Could you please help me with this?

Thank you,
Raluca
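A probe for the reproducer above, as an added example that is not part of the original post: it runs regcomp and regexec in a child process, so the caller can tell apart a pattern rejected at compile time, one that compiled and ran, and one that killed the process. The names probe_regex and enum probe_result are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <regex.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names, introduced for this example only. */
enum probe_result { PROBE_REJECTED, PROBE_RAN_OK, PROBE_CRASHED, PROBE_ERROR };

/* Compile and execute `pattern` in a child process, so that a libc assertion
   failure (SIGABRT) or other fatal signal is observed by the parent. */
enum probe_result probe_regex(const char *pattern, const char *subject)
{
    fflush(NULL);                     /* avoid duplicated stdio buffers after fork */
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        regex_t preg;
        regmatch_t pmatch[2];
        char msg[128];
        int rc = regcomp(&preg, pattern, REG_EXTENDED);
        if (rc != 0) {                /* report why compilation failed */
            regerror(rc, &preg, msg, sizeof msg);
            fprintf(stderr, "regcomp rejected pattern: %s\n", msg);
            _exit(2);
        }
        regexec(&preg, subject, 2, pmatch, 0);
        regfree(&preg);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return PROBE_ERROR;
    if (WIFSIGNALED(status))          /* e.g. abort() raised by a failed assertion */
        return PROBE_CRASHED;
    if (!WIFEXITED(status))
        return PROBE_ERROR;
    return WEXITSTATUS(status) == 0 ? PROBE_RAN_OK
         : WEXITSTATUS(status) == 2 ? PROBE_REJECTED : PROBE_ERROR;
}

int main(void)
{
    static const char *names[] = { "rejected by regcomp", "compiled and ran",
                                   "crashed (killed by signal)", "probe error" };
    /* Pattern and empty subject are the ones from the post above. */
    enum probe_result r = probe_regex("()*)|\\1)*", "");
    printf("%s\n", names[r]);
    return r == PROBE_CRASHED;        /* non-zero exit only if the child was killed */
}
```
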