On 22/11/2019 18:17, Giuseppe D'Angelo via Development wrote:
On 21/11/19 13:13, Robert Loehning wrote:
** [https://doc.qt.io/qt-5/qregularexpression.html QRegularExpression]
This should mostly be fuzzing libpcre itself...
Note that users should NEVER use / accept untrusted regular
expressions. While we shouldn't crash or exhaust memory, PCREs will
happily exhibit exponential backtracking behaviour, thus exposing
applications to DOS attacks. There's nothing we can do about that.
Just wondering how one would go about doing that in practice. Is this
something QRegularExpression itself may be of assistance with, perhaps
by exposing an API that can be used to identify if an expression
contains potentially dangerous or heavy expressions?
André
Thanks,
_______________________________________________
Development mailing list
[email protected]
https://lists.qt-project.org/listinfo/development
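
As an added illustration of the kind of check asked about above (not part of the original thread, and not a Qt or PCRE API), here is a conservative pre-filter in standard C++ that flags patterns in which a group containing an unbounded repeat is itself repeated without bound. The function names are hypothetical, and this is a heuristic: it misses other backtracking shapes such as overlapping alternation and can flag harmless patterns, so it does not make untrusted patterns safe to accept.

```cpp
#include <cctype>
#include <string>
#include <vector>

// True if an unbounded quantifier (*, + or {n,}) starts at p[i].
static bool unboundedQuantifierAt(const std::string &p, std::size_t i)
{
    if (i >= p.size())
        return false;
    if (p[i] == '*' || p[i] == '+')
        return true;
    if (p[i] != '{')
        return false;
    std::size_t j = i + 1;
    while (j < p.size() && std::isdigit(static_cast<unsigned char>(p[j])))
        ++j;
    // "{n,}" has digits, then a comma directly followed by the closing brace.
    return j > i + 1 && j + 1 < p.size() && p[j] == ',' && p[j + 1] == '}';
}

// Heuristic: reports a group that contains an unbounded quantifier and is
// itself repeated without bound, e.g. "(a+)+". Not a complete ReDoS check.
bool hasNestedUnboundedRepeat(const std::string &p)
{
    std::vector<bool> groups; // one flag per open group: repeat seen inside
    bool inClass = false;
    for (std::size_t i = 0; i < p.size(); ++i) {
        const char c = p[i];
        if (c == '\\') { ++i; continue; }          // skip the escaped character
        if (inClass) { inClass = (c != ']'); continue; }
        if (c == '[') { inClass = true; continue; }
        if (c == '(') { groups.push_back(false); continue; }
        if (c == ')' && !groups.empty()) {
            const bool inner = groups.back();
            groups.pop_back();
            const bool repeated = unboundedQuantifierAt(p, i + 1);
            if (inner && repeated)
                return true;
            // A repeat inside or on this group also counts for its parent.
            if ((inner || repeated) && !groups.empty())
                groups.back() = true;
            continue;
        }
        if (unboundedQuantifierAt(p, i) && !groups.empty())
            groups.back() = true;
    }
    return false;
}
```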