Boost C++ Libraries: Ticket #5613: basic_regex class constructor invalid memory read
https://svn.boost.org/trac10/ticket/5613

<p> Compile and run the following code: </p>
<pre class="wiki">#include &lt;boost/regex.hpp&gt;

int main()
{
    // Constructing this regex triggers the invalid read reported in this ticket.
    boost::regex reg("(\\w++{3})*");
    return 0;
}
</pre>
<p> This would cause Boost to read from invalid memory and crash the program, leading to denial of service. </p>
<p> The bug has been verified to exist in Boost 1.46.1, and also in trunk code as of Jun. 9. </p>

anonymous, Thu, 16 Jun 2011 10:58:25 GMT
https://svn.boost.org/trac10/ticket/5613#comment:1
<p> Confirmed, this and the other issue you reported will be fixed in Trunk shortly (too late for 1.47 though I'm afraid). </p>
<p> I'm curious, if it's not a secret, how did you manage to find these? </p>

John Maddock, Thu, 16 Jun 2011 11:27:22 GMT: status changed; resolution set
https://svn.boost.org/trac10/ticket/5613#comment:2
<ul> <li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">fixed</span> </li> </ul>
<p> (In <a class="changeset" href="https://svn.boost.org/trac10/changeset/72612" title="Fix infinite recursion in bad recursive expressions. Fix bug that ...">[72612]</a>) Fix infinite recursion in bad recursive expressions. Fix bug that allows invalid regex to go unnoticed and crash later. Fixes <a class="closed ticket" href="https://svn.boost.org/trac10/ticket/5613" title="#5613: Bugs: basic_regex class constructor invalid memory read (closed: fixed)">#5613</a>. Fixes <a class="closed ticket" href="https://svn.boost.org/trac10/ticket/5612" title="#5612: Bugs: basic_regex class constructor stack overflow (closed: fixed)">#5612</a>. </p>

Yang Dingning <yangdingning@…>, Mon, 20 Jun 2011 04:31:50 GMT
https://svn.boost.org/trac10/ticket/5613#comment:3
<p> Sorry for the late reply, haven't checked the mailbox for a while :-)<br /> We are currently carrying out fuzz testing to evaluate the stability and security of major regular expression engines. The above two testcases are generated by the fuzzing tool. </p>