[TRE-general] [Crm114-general] segv from /usr/lib/libtre.so.4 (tre-0.7.5)
Paolo
oopla at users.sf.net
Sat Jan 6 21:37:16 EET 2007
On Sat, Jan 06, 2007 at 01:19:15PM +0200, Ville Laurikari wrote:
> > Program received signal SIGSEGV, Segmentation fault.
>
> > the guilty RE is '((?.+)^$.{10}).*'
>
> Hmm, well, that does not look like a valid regexp. The '(?.+)' part
right, I hit <return> by chance too early.
> So, I would say the bug is in crm114; it seems that it does not check
> the regcomp() return value at least in this particular case.
indeed, more recent versions of crm114 bail out with invalid re error.
Though I think TRE shouldn't segv even if feeded with invalid re.
IMO segv is always a bad way to tell the caller that the call was illegal,
and a possible security hole. Possibly, I'd rather have TRE (any lib, for
that matter) make sanity checks on args it's passed on.
thanks
-- paolo
More information about the TRE-general
mailing list