[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] re2c: infinite loop
From: Agostino Sarubbo <ago () gentoo ! org>
Date: 2020-04-27 11:07:00
Message-ID: 2033222.irdbgypaU6 () spectre
[Download RAW message or body]
Hello all,
re2c is affected by an infinite loop.
It was initially discovered by Sergei Trofimovich (slyfox) and reported by me
privately to upstream.
The upstream reference is at: https://github.com/skvadrik/re2c/issues/219
There is no CVE assigned.
Here is the additional upstream comment:
I fixed enough recursive functions to make the ASAN-instrumented re2c
pass on this file (but that doesn't fully fix #219, as some other
recursive functions still need rewriting, work in progress).
This is the list of fixes:
fd634998f813340768c333cdad638498602856e5 Rewrite recursion into iteration
(Tarjan's SCC algorithm and YYFILL states).
637d4e468835690eac102aba83535dfd26afbbdb Rewrite recursion into iteration
(paths for -Wundefined-control-flow).
e3e43bcbb746dd6692f2d60ed1fa2e26c8cbe987 Rewrite recursion into iteration
(skeleton max path length computation).
f39b522cd40d04e80b77db926ce2d7d766954852 Rewrite recursion into iteration
(insertion of negative tags in RE).
They will appear in the next release, re2c-2.0.
Agostino
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic