
Reduce _GLIBCXX_REGEX_STATE_LIMIT

Message ID CAG4ZjNnpKK1HWeu+Ju3e_8jzvRd9cUwKF8Kh1TYMz=oZq3J3hg@mail.gmail.com
State New

Commit Message

Li, Pan2 via Gcc-patches Feb. 11, 2017, 1:53 a.m. UTC
Thanks Kostya for the fuzzing work!

Reduce _GLIBCXX_REGEX_STATE_LIMIT to a reasonably small number (but not
too small), so that libFuzzer doesn't find as many crashers (none in a
short period of time, actually) with an 8MB stack on a 64-bit machine.

Thanks!

Patch

commit 4021ce78ed48215e7b765e8879ca65612933ee62
Author: Tim Shen <timshen@google.com>
Date:   Fri Feb 10 17:34:45 2017 -0800

    2017-02-10  Tim Shen  <timshen@google.com>
    
            * include/bits/regex_automaton.h: Reduce _GLIBCXX_REGEX_STATE_LIMIT
            to 16384, that removes most stack overflow cases detected by
            libFuzzer with a 8MB stack.
            * testsuite/28_regex/regression.cc: Add a test.

diff --git a/libstdc++-v3/include/bits/regex_automaton.h b/libstdc++-v3/include/bits/regex_automaton.h
index a5fab6356cc..20fd02cea8f 100644
--- a/libstdc++-v3/include/bits/regex_automaton.h
+++ b/libstdc++-v3/include/bits/regex_automaton.h
@@ -30,7 +30,7 @@ 
 
 // This macro defines the maximal state number a NFA can have.
 #ifndef _GLIBCXX_REGEX_STATE_LIMIT
-#define _GLIBCXX_REGEX_STATE_LIMIT 100000
+#define _GLIBCXX_REGEX_STATE_LIMIT 16384
 #endif
 
 namespace std _GLIBCXX_VISIBILITY(default)
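Review bot: The comment above `_GLIBCXX_REGEX_STATE_LIMIT` still says only that it is the maximal NFA state number; it does not record why 16384 was chosen or what the limit does and does not guarantee. Per the commit message the value was tuned against libFuzzer with an 8MB stack and removes "most" stack overflow cases, so it is a mitigation rather than a hard bound, and threads with a smaller stack can presumably still overflow on patterns that stay under it. The `#ifndef` guard lets a build override the value, which matters to anyone compiling untrusted patterns. I would extend the comment along the lines of `// Exceeding it throws regex_error(error_space). The default was tuned against an 8MB stack;` `// predefine a smaller value when regexes are compiled on threads with smaller stacks.`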
diff --git a/libstdc++-v3/testsuite/28_regex/regression.cc b/libstdc++-v3/testsuite/28_regex/regression.cc
index b73b7641710..d3ffac81c77 100644
--- a/libstdc++-v3/testsuite/28_regex/regression.cc
+++ b/libstdc++-v3/testsuite/28_regex/regression.cc
@@ -110,6 +110,23 @@  test07()
   VERIFY(thrown);
 }
 
+// Too many states.
+void
+test08()
+{
+  bool thrown = false;
+  try
+    {
+      std::regex re(".*{100}{300}");
+    }
+  catch (const std::regex_error &e)
+    {
+      if (e.code() == regex_constants::error_space)
+        thrown = true;
+    }
+  VERIFY(thrown);
+}
+
 int
 main()
 {
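Review bot: test08 covers only the rejecting side of the new limit, so nothing in this hunk asserts that a pattern somewhat below 16384 states still compiles, and a later over-reduction of the macro would pass unnoticed. The test also depends on the default value: a build that predefines `_GLIBCXX_REGEX_STATE_LIMIT` to something larger would presumably let `".*{100}{300}"` compile and fail `VERIFY(thrown)`. The `// Too many states.` comment could state roughly how many states the pattern is expected to need relative to the limit, so the choice of 100 and 300 is not left as magic numbers. As a style point, the catch body can be written as `thrown = e.code() == regex_constants::error_space;`.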
@@ -120,6 +137,7 @@  main()
   test05();
   test06();
   test07();
+  test08();
   return 0;
 }