Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <2033222.irdbgypaU6@spectre>
Date: Mon, 27 Apr 2020 13:07:00 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: re2c: infinite loop

Hello all,

re2c is affected by an infinite loop.

It was initially discovered by Sergei Trofimovich (slyfox) and reported by me 
privately to upstream.
The upstream reference is at: https://github.com/skvadrik/re2c/issues/219
There is no CVE assigned.

Here is the additional upstream comment:

I fixed enough recursive functions to make the ASAN-instrumented re2c
pass on this file (but that doesn't fully fix #219, as some other
recursive functions still need rewriting, work in progress).
This is the list of fixes:
fd634998f813340768c333cdad638498602856e5 Rewrite recursion into iteration 
(Tarjan's SCC algorithm and YYFILL states).
637d4e468835690eac102aba83535dfd26afbbdb Rewrite recursion into iteration 
(paths for -Wundefined-control-flow).
e3e43bcbb746dd6692f2d60ed1fa2e26c8cbe987 Rewrite recursion into iteration 
(skeleton max path length computation).
f39b522cd40d04e80b77db926ce2d7d766954852 Rewrite recursion into iteration 
(insertion of negative tags in RE).
They will appear in the next release, re2c-2.0.


Agostino


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.