[icu-announce] ICU Patch for bugs in Regular Expressions
From: Andy Heninger <andy.heninger@gm...> - 2008-01-22 23:38
A patch that addresses two problems with ICU Regular Expressions is now available. The issues addressed are:

1. A regular expression pattern that contains a back reference to capture group zero, \0, may cause references to random memory addresses, with unpredictable results. There is no capture group zero, and an attempt to reference it will become a pattern compilation error with the patch.

2. The backtracking stack used during matching operations has no upper limit on its size. Internally to the match engine, the stack implementation uses heap memory, and unconstrained growth may cause problems with heap failures, thrashing or exhausted swap space. The patch limits the stack memory to 32 MB, and stops a matching operation with a failure if the limit is exceeded.

The patch may be obtained directly from the ICU subversion repository with the command

    svn diff -c 23292 http://source.icu-project.org/repos/icu/icu/branches/maint/maint-3-8

The patch can be applied to ICU 3.8 or 3.8.1 sources.

Alternatively, a complete set of ICU 3.8.1 sources, including the patch, can be obtained with the command

    svn export -r 23292 http://source.icu-project.org/repos/icu/icu/branches/maint/maint-3-8/icu-3-8

Developers of applications that allow users to enter and run arbitrary regular expressions on arbitrary data should consider applying these patches.

Questions or comments should be directed to the icu-support mailing list.

-- Andy Heninger
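A sketch of the second fix described in the message above, added here as an illustration and not taken from ICU or from the patch: a toy backtracking matcher (literals, `.`, and `x*`, whole-string match) whose heap-backed backtracking stack is capped, so a match that would exceed the cap stops with a failure status instead of growing. The names `Status`, `Frame`, `match` and `kStackLimitBytes` are hypothetical; only the 32 MB figure comes from the announcement.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

enum class Status { Match, NoMatch, StackOverflow };

// One saved alternative: where to resume in the pattern and in the subject.
struct Frame { std::size_t pi, si; };

// 32 MB, the cap named in the announcement.
constexpr std::size_t kStackLimitBytes = 32u * 1024 * 1024;

// Whole-string match of a toy pattern (literals, '.', and "x*").
Status match(const std::string& pat, const std::string& s,
             std::size_t limitBytes = kStackLimitBytes) {
    std::vector<Frame> stack;  // backtracking stack lives on the heap
    std::size_t pi = 0, si = 0;
    for (;;) {
        bool failed = false;
        bool hit = pi < pat.size() && si < s.size() &&
                   (pat[pi] == '.' || pat[pi] == s[si]);
        if (pi == pat.size()) {
            if (si == s.size()) return Status::Match;
            failed = true;
        } else if (pi + 1 < pat.size() && pat[pi + 1] == '*') {
            if (hit) {
                // Greedy: consume one more char, remember "stop the star here".
                if ((stack.size() + 1) * sizeof(Frame) > limitBytes)
                    return Status::StackOverflow;  // fail instead of growing
                stack.push_back({pi + 2, si});
                ++si;
            } else {
                pi += 2;  // star matches nothing more
            }
        } else if (hit) { ++pi; ++si; }
        else failed = true;
        if (failed) {
            if (stack.empty()) return Status::NoMatch;
            pi = stack.back().pi; si = stack.back().si;
            stack.pop_back();
        }
    }
}

int main() {
    std::string subject(100000, 'a');  // constructed input
    std::printf("%d\n", static_cast<int>(match("a*b", subject, 1024)));
}
```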