
Glibc - CVE-2015-8985 help



Hello,

I'm working on fixing some GLIBC vulnerabilities and I have an issue regarding
CVE-2015-8985 (assertion failure in pop_fail_stack when executing a malformed regexp).

Although it seems to be fixed in glibc 2.28, I've encountered the following issue when testing the following program on an Ubuntu 19.10 virtual machine with glibc 2.30-0ubuntu.2.1:

pop_fail_stack.c
#include <assert.h>
#include <regex.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    int rc;
    regex_t preg;
    regmatch_t pmatch[2];

    rc = regcomp(&preg, "()*)|\\1)*", REG_EXTENDED);
    assert(rc == 0);
    regexec(&preg, "", 2, pmatch, 0);
    regfree(&preg);
    return 0;
}

pop_fail_stack: pop_fail_stack.c:12: main: Assertion `rc == 0' failed.
Aborted (core dumped)

As the Debian bug (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392) describes, the test program compiles an invalid regexp and then tries to match a string against it, which triggers an assertion:
pop_fail_stack: regexec.c:1401: pop_fail_stack: Assertion `num >= 0' failed.
Aborted
So, in my scenario, the test program does not even successfully compile the invalid regexp.
Did anyone encounter this issue?
Could you please help me with this?
 
Thank you,
Raluca
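
One way to see why regcomp() returns non-zero for this pattern, as an added example that is not part of the original message: the return code is passed to regerror() instead of assert(), and regexec() is reached only when compilation succeeded. The names try_regex and rx_result are hypothetical, and the text regerror() produces depends on the installed libc.

```c
/* Added example, not from the original message. */
#include <regex.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum rx_result { RX_REJECTED, RX_NOMATCH, RX_MATCH };

/* Compile `pattern` as a POSIX ERE and, only if that succeeds, match it
 * against `subject`. On rejection the regerror() text goes to errbuf.
 */
enum rx_result try_regex(const char *pattern, const char *subject,
                         char *errbuf, size_t errlen)
{
    regex_t preg;
    regmatch_t pmatch[2];
    int rc;

    if (errlen > 0)
        errbuf[0] = '\0';

    rc = regcomp(&preg, pattern, REG_EXTENDED);
    if (rc != 0) {
        /* preg is undefined after a failed regcomp(): skip regexec()/regfree(). */
        regerror(rc, &preg, errbuf, errlen);
        return RX_REJECTED;
    }
    rc = regexec(&preg, subject, 2, pmatch, 0);
    regfree(&preg);
    return rc == 0 ? RX_MATCH : RX_NOMATCH;
}

int main(void)
{
    char err[128];
    /* Pattern from the test program in the message above. */
    const char *pattern = "()*)|\\1)*";

    switch (try_regex(pattern, "", err, sizeof err)) {
    case RX_REJECTED:
        printf("regcomp rejected the pattern: %s\n", err);
        break;
    case RX_MATCH:
        puts("pattern compiled; regexec matched");
        break;
    default:
        puts("pattern compiled; regexec found no match");
    }
    return 0;
}
```

Unlike assert(), this check is still performed when the program is built with NDEBUG defined.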