[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] re2c: infinite loop
From:       Agostino Sarubbo <ago () gentoo ! org>
Date:       2020-04-27 11:07:00
Message-ID: 2033222.irdbgypaU6 () spectre
[Download RAW message or body]

Hello all,

re2c is affected by an infinite loop.

It was initially discovered by Sergei Trofimovich (slyfox) and reported by me 
privately to upstream.
The upstream reference is at: https://github.com/skvadrik/re2c/issues/219
There is no CVE assigned.

Here is the additional upstream comment:

I fixed enough recursive functions to make the ASAN-instrumented re2c
pass on this file (but that doesn't fully fix #219, as some other
recursive functions still need rewriting, work in progress).
This is the list of fixes:
fd634998f813340768c333cdad638498602856e5 Rewrite recursion into iteration 
(Tarjan's SCC algorithm and YYFILL states).
637d4e468835690eac102aba83535dfd26afbbdb Rewrite recursion into iteration 
(paths for -Wundefined-control-flow).
e3e43bcbb746dd6692f2d60ed1fa2e26c8cbe987 Rewrite recursion into iteration 
(skeleton max path length computation).
f39b522cd40d04e80b77db926ce2d7d766954852 Rewrite recursion into iteration 
(insertion of negative tags in RE).
They will appear in the next release, re2c-2.0.


Agostino


[prev in list] [next in list] [prev in thread] [next in thread]