Opened 11 years ago
Closed 11 years ago
#5612 closed Bugs (fixed)
basic_regex class constructor stack overflow
| Reported by: | Owned by: | John Maddock | |
|---|---|---|---|
| Milestone: | To Be Determined | Component: | regex |
| Version: | Boost 1.46.1 | Severity: | Problem |
| Keywords: | Cc: |
Description
Compile and run the following code:
#include <boost/regex.hpp>
int main()
{
boost::regex reg("((?1)|a)");
return 0;
}
Recursive calls to basic_regex_creator<charT, traits>::create_startmap() would consume all available stack space and crash the program, causing denial of service.
This problem has been verified to exist in Boost 1.46.1, and also in trunk code as of Jun. 9.
Note:
See TracTickets
for help on using tickets.
(In [72612]) Fix infinite recursion in bad recursive expressions. Fix bug that allows invalid regex to go unnoticed and crash later. Fixes #5613. Fixes #5612.