The Pattern comments in org.drools.lang.dsl.DefaultExpander (defined
in line 63) is vulnerable when used against strings containing '/*'
followed by multiple repetitions of '*' alternating with other
characters before being terminated with '*/'. The pattern

    "(?:/\\*(?:[^*]|(?:\\*+[^*/]))*\\*+/)"

isn't "best practice", but it shouldn't cause a stack overflow.

The much simpler pattern

    "/\\*.*?\\*/"

would serve the same purpose while not causing a stack overflow.

Tested with javac 1.6.0_23
-W

On 09/07/2012, gboro54 <[email protected]> wrote:
> Even after updating to 1.6.0_31 we still get the following:
>
> Caused by: java.lang.StackOverflowError
>       at java.util.regex.Pattern$GroupTail.match(Pattern.java:4227)
> [rt.jar:1.6.0_31]
_______________________________________________
rules-users mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/rules-users
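
A way to compare the two patterns quoted in the message above before changing one in a code base, as an added example that is not part of the original thread or of Drools. The class name, helper methods, sample DSL text and the DOTALL flag are assumptions made for this example.

```java
import java.util.regex.Pattern;

public class CommentPatternCheck {
    // Pattern quoted in the message above (from DefaultExpander).
    static final Pattern ORIGINAL =
        Pattern.compile("(?:/\\*(?:[^*]|(?:\\*+[^*/]))*\\*+/)");
    // Simpler pattern proposed in the message. DOTALL is an assumption added
    // here so that '.' also spans line breaks inside a multi-line comment.
    static final Pattern SIMPLE = Pattern.compile("/\\*.*?\\*/", Pattern.DOTALL);

    // Constructed input: a comment body that alternates '*' with other characters.
    static String sample(int repeats) {
        StringBuilder sb = new StringBuilder("[when] a = b\n/*");
        for (int i = 0; i < repeats; i++) {
            sb.append("* x ");
        }
        return sb.append("*/\n[then] c = d\n").toString();
    }

    // Strip comments; return null if the regex engine exhausts the thread stack.
    static String strip(Pattern p, String text) {
        try {
            return p.matcher(text).replaceAll("");
        } catch (StackOverflowError e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Whether and where ORIGINAL overflows depends on the JVM version and
        // thread stack size (-Xss), so several comment lengths are tried.
        for (int repeats : new int[] {10, 1000, 100000}) {
            String text = sample(repeats);
            String a = strip(ORIGINAL, text);
            String b = strip(SIMPLE, text);
            System.out.printf("repeats=%d original=%s simple=%s%n", repeats,
                a == null ? "StackOverflowError" : "ok (" + a.length() + " chars)",
                b == null ? "StackOverflowError" : "ok (" + b.length() + " chars)");
        }
    }
}
```

Where both patterns complete, they should leave the same number of characters, which confirms the replacement strips the same comment text.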
