DoS risk: panic "index out of bounds" while building very small regex #464
I was stumped for a moment because I couldn't reproduce it with the following program:

```rust
extern crate regex;

use regex::Regex;

fn main() {
    let re = Regex::new(r"a{\r\n");
    println!("{:?}", re);
}
```

Running gives a syntax error, not a panic, as expected:
But it seems the issue here is that I used a raw string. If I use However you found this, it's definitely a legitimate bug, and I would consider it trophy worthy. :-)
A fix should now be on crates.io in
Awesome, thanks @BurntSushi!
@PaulGrandperrin nice!! here's the trophy update - google/honggfuzz@ef1aa31#diff-04c6e90faac2675aa89e2176d2eec7d8
Hi,
will cause
playground
I found it while porting https://github.com/rust-fuzz/targets to `afl.rs` and `honggfuzz` (it's currently only using `libFuzzer`).
It's funny because libFuzzer seems unable to find it while honggfuzz finds it reliably in just a couple of seconds and AFL in a couple of dozen minutes.
Regexes sometimes are built from untrusted input so I guess it could be used for denial of service.
@robertswiecki: I found it with `honggfuzz` first, is that trophy worthy?
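Added example, not part of the issue thread or of the regex crate's code: one way a service that compiles patterns from untrusted input can keep a panic inside the pattern compiler from taking down the caller. The names `compile_untrusted`, `PatternError`, `max_len` and `toy_compile` are hypothetical, and `toy_compile` is a constructed stand-in with a deliberate unchecked index, not the regex parser.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};

#[derive(Debug, PartialEq)]
pub enum PatternError {
    TooLong(usize),
    Syntax(String),
    Panicked,
}

/// Compile an untrusted pattern with `compile`, turning a panic inside the
/// compiler into an ordinary error instead of unwinding through the caller.
pub fn compile_untrusted<T, E, F>(pattern: &str, max_len: usize, compile: F) -> Result<T, PatternError>
where
    E: ToString,
    F: FnOnce(&str) -> Result<T, E>,
{
    // Cap the input size before any parsing work is done.
    if pattern.len() > max_len {
        return Err(PatternError::TooLong(pattern.len()));
    }
    // AssertUnwindSafe: nothing captured by the closure is reused after a panic.
    match catch_unwind(AssertUnwindSafe(|| compile(pattern))) {
        Ok(Ok(compiled)) => Ok(compiled),
        Ok(Err(e)) => Err(PatternError::Syntax(e.to_string())),
        Err(_) => Err(PatternError::Panicked),
    }
}

/// Constructed stand-in for a pattern compiler (NOT the regex crate's parser):
/// it reads the byte after `{` without a bounds check, so a pattern that
/// ends in `{` panics with "index out of bounds".
pub fn toy_compile(pattern: &str) -> Result<usize, String> {
    let b = pattern.as_bytes();
    match b.iter().position(|&c| c == b'{') {
        None => Ok(b.len()),
        Some(i) if b[i + 1].is_ascii_digit() => Ok(b.len()),
        Some(_) => Err("expected a digit after '{'".to_string()),
    }
}

fn main() {
    // Constructed sample patterns; the last one triggers the stand-in's panic.
    for p in ["abc", "a{2}", "a{x", "a{"] {
        println!("{:?} -> {:?}", p, compile_untrusted(p, 1024, toy_compile));
    }
}
```

With the real crate the closure passed in would be `|p| Regex::new(p)`. `catch_unwind` only helps when the binary is built with the default `panic = "unwind"`; under `panic = "abort"` the process still dies.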