On Tue, Sep 18, 2018 at 3:21 PM Assaf Gordon wrote:
> On 12/09/18 12:02 AM, Assaf Gordon wrote:
> > $ echo 1 | grep -E "(\'|^)(\1|)"
> > grep: regexec.c:1375: pop_fail_stack: Assertion `num >= 0' failed.
> > Aborted
>
> I don't have a fix yet, but I reduced the crash to this interesti
Hello,
On 12/09/18 12:02 AM, Assaf Gordon wrote:
$ echo 1 | grep -E "(\'|^)(\1|)"
grep: regexec.c:1375: pop_fail_stack: Assertion `num >= 0' failed.
Aborted
I don't have a fix yet, but I reduced the crash to this interesting case:
$ echo 1 | grep -E '(^|$)\1'
1
$ echo 1 |
On 9/13/18 6:22 PM, Eduardo A. Bustamante López wrote:
> On Wed, Sep 12, 2018 at 09:23:54AM +0200, Tim Rühsen wrote:
> (...)
>> I stumbled upon the memory consumption (and slowness) a while ago, but
>> it seems to be a well-known issue regarding
>> https://sourceware.org/glibc/wiki/Security%20Exc
On Wed, Sep 12, 2018 at 09:23:54AM +0200, Tim Rühsen wrote:
(...)
> I stumbled upon the memory consumption (and slowness) a while ago, but
> it seems to be a well-known issue regarding
> https://sourceware.org/glibc/wiki/Security%20Exceptions.
>
> So, never accept regex patterns from untrusted sou
On 9/12/18 8:02 AM, Assaf Gordon wrote:
> Hello,
>
> Prompted by the recent bug reports, I decided to do some
> targeted fuzzing on gnulib's regex module using afl.
>
> So far I found two obscure bugs, and one pathological case.
>
> Can be easily reproduced with:
>
> $ echo 1 | grep -E "(\'
Hello,
Prompted by the recent bug reports, I decided to do some
targeted fuzzing on gnulib's regex module using afl.
So far I found two obscure bugs, and one pathological case.
Can be easily reproduced with:
$ echo 1 | grep -E "(\'|^)(\1|)"
grep: regexec.c:1375: pop_fail_stack: Assertio