Date: Sat, 21 Mar 2015 03:10:18 +0100
From: Szabolcs Nagy <>
To: Rich Felker <>
Cc: Konstantin Serebryany <>,
Subject: Re: buffer overflow in regcomp and a way to find more of those

* Rich Felker <> [2015-03-20 21:30:16 -0400]:
> > > int main() {
> > >   regex_t preg;
> > >   const char *s = ".****\\Z$<\\0)_";
> Isn't the \0 an invalid backreference? Could it be getting processed
> in a way that's causing the slowdown, but simply rejected by glibc?

ah you were right, the \0 causes the slowdown here:
it switches to the backtracking mode and there are
many ways to backtrack on .****
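
Why stacked stars leave a backtracking matcher so much to explore, as an added toy model (not code from this thread or from musl): it counts the ways n characters can be divided among the four stars of `.****`. It assumes every star iteration consumes at least one character; `ways`, `MAXD` and `MAXN` are names made up for this example.

```c
#include <stdio.h>

/* Toy model (assumption, not musl/TRE code): a pattern of `depth` stacked
 * stars over '.' is matched by splitting the input into one or more
 * non-empty chunks, each matched by the pattern with one star fewer.
 * Every distinct split is a path a backtracking matcher may have to
 * revisit when the rest of the pattern fails to match. */
#define MAXD 4   /* ".****" has four stars; 4^(MAXN-1) still fits in 64 bits */
#define MAXN 32

static unsigned long long memo[MAXD + 1][MAXN + 1];
static int seen[MAXD + 1][MAXN + 1];

/* Number of distinct ways to match exactly n characters. */
unsigned long long ways(int depth, int n)
{
    if (depth < 0 || depth > MAXD || n < 1 || n > MAXN)
        return 0;
    if (depth == 0)
        return n == 1;              /* bare '.' matches exactly one char */
    if (seen[depth][n])
        return memo[depth][n];

    unsigned long long total = 0;
    for (int first = 1; first <= n; first++) {
        /* first chunk goes to the inner pattern, the rest to further
         * iterations of this star (or nothing, if the chunk is all of n) */
        unsigned long long head = ways(depth - 1, first);
        unsigned long long tail = (first == n) ? 1 : ways(depth, n - first);
        total += head * tail;
    }
    seen[depth][n] = 1;
    memo[depth][n] = total;
    return total;
}

int main(void)
{
    /* Constructed input lengths; the count grows as depth^(n-1). */
    static const int lengths[] = { 4, 8, 16, 32 };
    printf("%4s %12s %22s\n", "n", ".*", ".****");
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("%4d %12llu %22llu\n", lengths[i],
               ways(1, lengths[i]), ways(4, lengths[i]));
    return 0;
}
```

A single star admits one split for any length, while four stacked stars admit 4^(n-1), which is the growth that matters once the matcher cannot use its non-backtracking path.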
