| Age | Commit message (Collapse) | Author |
|---|
|
The following code never terminates:
fail() ->
Str = "http:/www.flickr.com/slideShow/index.gne?group_id=&user_id=69845378@N0",
EMail_regex = "[a-z0-9!#$%&'*+/=?^_`{|}~-]+"
++ "(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*"
++ "@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+"
++ "(?:[a-zA-Z]{2}|com|org|net|gov|mil"
++ "|biz|info|mobi|name|aero|jobs|museum)",
io:format("about to run...~n"),
Ret = re:run(Str, EMail_regex),
io:format("Ret is ~p~n", [Ret]).
Fix it by having pcre_exec remember match_call_count between restarts.
Reported-by: Gordon Guthrie
Acked-by: Patrik Nyblom
|
|
Patch from:
http://vcs.pcre.org/viewvc/code/trunk/pcre_compile.c?r1=504&r2=505&view=patch
Test case:
N = 819, re:compile([lists:duplicate(N, $(), lists:duplicate(N, $))]).
Compiling large regular expressions could overflow the workspace
buffer. Modify the test to check for a value smaller than the buffer
size.
|
|
The patch is from:
http://vcs.pcre.org/viewvc?revision=360&view=revision
Test case:
re:compile(<<"(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]">>, [unicode]).
An option change at the start of a pattern that had top-level
alternatives could cause overwriting and/or a crash.
This potential security problem was recorded as CVE-2008-2371.
|
|
|
