https://svn.boost.org/trac10/ticket/5613 <p> Compile and run the following code: </p> <pre class="wiki">#include &lt;boost/regex.hpp&gt; int main() { boost::regex reg("(\\w++{3})*"); return 0; } </pre><p> This would cause boost to read from invalid memory and crash the program, leading to denial of service. </p> <p> The bug has been verified to exist in Boost 1.46.1, and also in trunk code as of Jun. 9. </p> en-us /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/5613 Trac 1.4.3 anonymous Thu, 16 Jun 2011 10:58:25 GMT https://svn.boost.org/trac10/ticket/5613#comment:2 https://svn.boost.org/trac10/ticket/5613#comment:2 <ul> <li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">fixed</span> </li> </ul> <p> (In <a class="changeset" href="https://svn.boost.org/trac10/changeset/72612" title="Fix infinite recursion in bad recursive expressions. Fix bug that ...">[72612]</a>) Fix infinite recursion in bad recursive expressions. Fix bug that allows invalid regex to go unnoticed and crash later. Fixes <a class="closed ticket" href="https://svn.boost.org/trac10/ticket/5613" title="#5613: Bugs: basic_regex class constructor invalid memory read (closed: fixed)">#5613</a>. Fixes <a class="closed ticket" href="https://svn.boost.org/trac10/ticket/5612" title="#5612: Bugs: basic_regex class constructor stack overflow (closed: fixed)">#5612</a>. </p> Ticket Yang Dingning <yangdingning@…> Mon, 20 Jun 2011 04:31:50 GMT