Uncontrolled recursion in re_match_regexp #2448

@dominiakm

Jerry Version:
c93bea3

Build command:
python tools/build.py --profile=es2015-subset --jerry-libc=OFF --clean --strip OFF --compile-flag="-g" --compile-flag="-fsanitize=address"

OS:
Ubuntu 16.04

Compiler:
GCC 7.1

Test case:

var x = new RegExp('(/*()+?b+?b+?|.|)+')
x.exec('????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????')

Result:

ASAN:DEADLYSIGNAL
=================================================================
==11344==ERROR: AddressSanitizer: stack-overflow on address 0x7ffdfa89c8e8 (pc 0x7fb60dc1db39 bp 0x7ffdfa89d140 sp 0x7ffdfa89c8c0 T0)
    #0 0x7fb60dc1db38 in QuickCheckForUnpoisonedRegion ../../../../libsanitizer/asan/asan_interceptors.cc:39
    #1 0x7fb60dc1db38 in __interceptor_memcpy ../../../../libsanitizer/asan/asan_interceptors.cc:456
    #2 0x451df4 in re_get_char /jerryscript/jerry-core/parser/regexp/re-bytecode.c:130
    #3 0x451df4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:389
    #4 0x4541a8 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1070
    #5 0x45383c in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:908
    #6 0x453d13 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:977
    #7 0x4533f6 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:830
    #8 0x45450f in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1123
    #9 0x453d13 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:977
    #10 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #11 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #12 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #13 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #14 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #15 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #16 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #17 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #18 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #19 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #20 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #21 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #22 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #23 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #24 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #25 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #26 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #27 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #28 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #29 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #30 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #31 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #32 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #33 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #34 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #35 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #36 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #37 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #38 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #39 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #40 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #41 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #42 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #43 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #44 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #45 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #46 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #47 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #48 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #49 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #50 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #51 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #52 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #53 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #54 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #55 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #56 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #57 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #58 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #59 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #60 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #61 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #62 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #63 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #64 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #65 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #66 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #67 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #68 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #69 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #70 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #71 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #72 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #73 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #74 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #75 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #76 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #77 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #78 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #79 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #80 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #81 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #82 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #83 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #84 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #85 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #86 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #87 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #88 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #89 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #90 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #91 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #92 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #93 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #94 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #95 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #96 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #97 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #98 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #99 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #100 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #101 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #102 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #103 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #104 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #105 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #106 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #107 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #108 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #109 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #110 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #111 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #112 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #113 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #114 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #115 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #116 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #117 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #118 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #119 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #120 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #121 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #122 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #123 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #124 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #125 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #126 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #127 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #128 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #129 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #130 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #131 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #132 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #133 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #134 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #135 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #136 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #137 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #138 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #139 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #140 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #141 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #142 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #143 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #144 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #145 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #146 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #147 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #148 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #149 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #150 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #151 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #152 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #153 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #154 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #155 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #156 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #157 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #158 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #159 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #160 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #161 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #162 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #163 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #164 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #165 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #166 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #167 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #168 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #169 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #170 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #171 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #172 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #173 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #174 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #175 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #176 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #177 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #178 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #179 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #180 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #181 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #182 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #183 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #184 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #185 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #186 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #187 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #188 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #189 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #190 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #191 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #192 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #193 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #194 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #195 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #196 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #197 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #198 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #199 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #200 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #201 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #202 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #203 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #204 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #205 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #206 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #207 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #208 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #209 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #210 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #211 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #212 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #213 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #214 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #215 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #216 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #217 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #218 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #219 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #220 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #221 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #222 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #223 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #224 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #225 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #226 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #227 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #228 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #229 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #230 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #231 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #232 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #233 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #234 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #235 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #236 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #237 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #238 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #239 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #240 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #241 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #242 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #243 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #244 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #245 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #246 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #247 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #248 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #249 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #250 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #251 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001
    #252 0x453eb4 in re_match_regexp /jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:1001

SUMMARY: AddressSanitizer: stack-overflow ../../../../libsanitizer/asan/asan_interceptors.cc:39 in QuickCheckForUnpoisonedRegion
==11344==ABORTING

Immediate cause:
Recursion in ecma-regexp-object.c is not properly used. The depth of the recursion is controlled only by the structure of a regular expression, which may result in JerryScript running out of stack space.
This might lead to a DoS attack if an attacker is able to construct arbitrary regular expressions.
This seems to be a difficult bug to fix. Possible solutions could include checking stack limits, breaking recursion which is deeper than a predefined value, or refactoring the code to not use recursion.
Please note that because this crash is a result of the program running out of stack memory, this exact input may not produce the same result across different systems. To reproduce this issue more easily, one may want to limit the stack size (using, for example, ulimit).

This issue looks similar to #2190, but the problem occurs in a different code line, confirming that the design of the function in question is not properly implemented.
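
The "break recursion deeper than a predefined value" option mentioned in the report, sketched on a miniature backtracking matcher. This is an added example, not JerryScript code and not part of the original issue; the matcher, `RE_MAX_DEPTH`, the `RE_*` result codes and all function names are hypothetical, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes: a depth error must be distinguishable from
 * "no match", otherwise backtracking would simply try the next alternative
 * and hit the limit again and again. */
enum { RE_NOMATCH = 0, RE_MATCH = 1, RE_ERR_DEPTH = -1, RE_ERR_NOMEM = -2 };

/* Assumed budget; a real engine would derive it from the stack it has. */
#define RE_MAX_DEPTH 1000u

static int match_here(const char *re, const char *text, unsigned depth);

/* Greedy "c*": one recursive call per consumed character, so without the
 * guard the recursion depth is dictated by the length of the input. */
static int match_star(char c, const char *re, const char *text, unsigned depth)
{
    if (depth >= RE_MAX_DEPTH)
        return RE_ERR_DEPTH;
    if (*text != '\0' && (c == '.' || c == *text)) {
        int r = match_star(c, re, text + 1, depth + 1);
        if (r != RE_NOMATCH)
            return r;            /* match, or error: never backtrack past an error */
    }
    return match_here(re, text, depth + 1);   /* zero further repetitions */
}

/* Supports literals, '.', postfix '*' and a trailing '$'. */
static int match_here(const char *re, const char *text, unsigned depth)
{
    if (depth >= RE_MAX_DEPTH)
        return RE_ERR_DEPTH;
    if (re[0] == '\0')
        return RE_MATCH;
    if (re[1] == '*')
        return match_star(re[0], re + 2, text, depth + 1);
    if (re[0] == '$' && re[1] == '\0')
        return *text == '\0' ? RE_MATCH : RE_NOMATCH;
    if (*text != '\0' && (re[0] == '.' || re[0] == *text))
        return match_here(re + 1, text + 1, depth + 1);
    return RE_NOMATCH;
}

/* Entry point: the match is anchored at the start of text. */
int re_match_bounded(const char *re, const char *text)
{
    return match_here(re, text, 0);
}

/* Runs the matcher on a constructed subject of n copies of ch. */
int match_repeated(const char *re, char ch, size_t n)
{
    char *text = malloc(n + 1);
    int r;

    if (text == NULL)
        return RE_ERR_NOMEM;
    memset(text, ch, n);
    text[n] = '\0';
    r = re_match_bounded(re, text);
    free(text);
    return r;
}

int main(void)
{
    printf("a*b  on \"aaab\"      -> %d\n", re_match_bounded("a*b", "aaab"));
    printf(".*x  on 100  x '?' -> %d\n", match_repeated(".*x", '?', 100));
    printf(".*x  on 5000 x '?' -> %d\n", match_repeated(".*x", '?', 5000));
    return 0;
}
```

The caller can turn `RE_ERR_DEPTH` into a catchable script-level error instead of letting the process run out of stack.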
