#5613 closed Bugs (fixed)
basic_regex class constructor invalid memory read
Reported by: | | Owned by: | John Maddock |
---|---|---|---|
Milestone: | To Be Determined | Component: | regex |
Version: | Boost 1.46.1 | Severity: | Problem |
Keywords: | | Cc: | |
Description
Compile and run the following code:
```cpp
#include <boost/regex.hpp>

int main()
{
    // Constructing the regex from this pattern triggers the invalid memory read.
    boost::regex reg("(\\w++{3})*");
    return 0;
}
```
This would cause boost to read from invalid memory and crash the program, leading to denial of service.
The bug has been verified to exist in Boost 1.46.1, and also in trunk code as of Jun. 9.
Change History (3)
comment:1 by , 11 years ago
Confirmed, this and the other issue you reported will be fixed in Trunk shortly (too late for 1.47 though I'm afraid).
I'm curious, if it's not a secret, how did you manage to find these?
comment:2 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:3 by , 11 years ago
Sorry for the late reply, haven't checked the mailbox for a while :-)
We are currently carrying out fuzz testing to evaluate the stability and security of major regular expression engines. The above two testcases are generated by the fuzzing tool.