Bug#187475: libc6: regcomp triggers an infinite loop when given a particular (bogus) pattern
Package: libc6
Version: 2.3.1-16
Severity: normal
Tags: upstream
regcomp seems to trigger an infinite loop when given a particular pattern.
The following program exercises the bug. When this program is run it
causes a segmentation fault. When examined in gdb the behavior seems
consistent with an infinite loop within re_comp ()
#include <stdio.h>
#include <sys/types.h>
#include <regex.h>
int main(void)
{
int err;
regex_t preg;
const char *regex = "^a*+";
if (regcomp (&preg, regex, REG_EXTENDED))
fprintf (stderr, "regcomp (%s) failed with error code: %d\n", regex, err);
else
regfree (&preg);
return 0;
}
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux scream 2.4.18 #8 Fri Oct 25 10:55:35 EDT 2002 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages libc6 depends on:
ii libdb1-compat 2.1.3-7 The Berkeley database routines [gl
-- no debconf information
Reply to: