If Oniguruma tries to parse very deep regex nodes, it causes a stack buffer overflow due to deep recursive calls to some parsing functions like optimize_nodes(), tree_min_len().
Here is PoC source code that simply executes onig_search() with a very large regular expression "X+++++++++++++++++++++++++++++++ .... ".
```
gdb -q ./oniguruma_syntax -c core
Reading symbols from ./oniguruma_stack...done.
[New LWP 19257]
Core was generated by `./oniguruma_stack'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fe64f65fde5 in tree_min_len (
node=<error reading variable: Cannot access memory at address 0x7ffcc7ec9fe8>,
env=<error reading variable: Cannot access memory at address 0x7ffcc7ec9fe0>)
at regcomp.c:2839
2839 {
(gdb) bt
#0 0x00007fe64f65fde5 in tree_min_len (
node=<error reading variable: Cannot access memory at address 0x7ffcc7ec9fe8>,
env=<error reading variable: Cannot access memory at address 0x7ffcc7ec9fe0>)
at regcomp.c:2839
#1 0x00007fe64f660196 in tree_min_len (node=0x55b2d734a570, env=0x7ffcc86b7470)
at regcomp.c:2942
#2 0x00007fe64f66009b in tree_min_len (node=0x55b2d734a5b0, env=0x7ffcc86b7470)
at regcomp.c:2913
#3 0x00007fe64f660196 in tree_min_len (node=0x55b2d734a5f0, env=0x7ffcc86b7470)
at regcomp.c:2942
#4 0x00007fe64f66009b in tree_min_len (node=0x55b2d734a630, env=0x7ffcc86b7470)
at regcomp.c:2913
#5 0x00007fe64f660196 in tree_min_len (node=0x55b2d734a670, env=0x7ffcc86b7470)
at regcomp.c:2942
#6 0x00007fe64f66009b in tree_min_len (node=0x55b2d734a6b0, env=0x7ffcc86b7470)
at regcomp.c:2913
#7 0x00007fe64f660196 in tree_min_len (node=0x55b2d734a6f0, env=0x7ffcc86b7470)
at regcomp.c:2942
#8 0x00007fe64f66009b in tree_min_len (node=0x55b2d734a730, env=0x7ffcc86b7470)
at regcomp.c:2913
#9 0x00007fe64f660196 in tree_min_len (node=0x55b2d734a770, env=0x7ffcc86b7470)
at regcomp.c:2942
#10 0x00007fe64f66009b in tree_min_len (node=0x55b2d734a7b0, env=0x7ffcc86b7470)
at regcomp.c:2913
#11 0x00007fe64f660196 in tree_min_len (node=0x55b2d734a7f0, env=0x7ffcc86b7470)
at regcomp.c
....
```
RKX1209 changed the title from "Stack Exhaustion Problem caused by some parsing function in regcomp.c making recursive calls to itself" to "Stack Exhaustion Problem caused by some parsing functions in regcomp.c making recursive calls to themselves." on Jul 29, 2019
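
An added example, not code from Oniguruma or from the issue author: a toy node tree for "X" followed by N `+` quantifiers, walked by a recursive minimum-length function that carries a depth counter and returns an error at a cap instead of recursing until the stack is exhausted. `Node`, `min_len`, `MAX_DEPTH` and the error codes are hypothetical names chosen for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_DEPTH    4096   /* assumed cap for this example */
#define ERR_TOO_DEEP (-1)
#define ERR_NOMEM    (-2)

typedef struct Node {
    int is_quant;           /* 1 = '+' wrapping child, 0 = literal 'X' */
    struct Node *child;
} Node;

/* Free iteratively so cleanup cannot itself exhaust the stack. */
static void free_chain(Node *n) {
    while (n) { Node *c = n->child; free(n); n = c; }
}

/* Tree for "X" followed by n '+': each '+' wraps the previous node,
   so nesting depth grows linearly with pattern length. */
static Node *build_chain(size_t n) {
    Node *cur = calloc(1, sizeof *cur);
    for (size_t i = 0; cur && i < n; i++) {
        Node *q = calloc(1, sizeof *q);
        if (!q) { free_chain(cur); return NULL; }
        q->is_quant = 1;
        q->child = cur;
        cur = q;
    }
    return cur;
}

/* Recursive minimum-match-length walk with an explicit depth budget. */
static int min_len(const Node *n, int depth) {
    if (depth > MAX_DEPTH) return ERR_TOO_DEEP;  /* fail closed, no crash */
    if (!n->is_quant) return 1;                  /* literal matches 1 char */
    return min_len(n->child, depth + 1);         /* '+' needs >= 1 repeat; errors propagate */
}

int min_len_for_plus_chain(size_t n) {
    Node *t = build_chain(n);
    if (!t) return ERR_NOMEM;
    int r = min_len(t, 0);
    free_chain(t);
    return r;
}

int main(void) {
    printf("31 quantifiers:     %d\n", min_len_for_plus_chain(31));
    printf("200000 quantifiers: %d\n", min_len_for_plus_chain(200000));
    return 0;
}
```

The cap bounds stack use to a fixed number of frames regardless of pattern length, so an oversized pattern is rejected with an error code rather than ending in SIGSEGV.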