DoS risk: panic "index out of bounds" while building very small regex · Issue #464 · rust-lang/regex (original) (raw)

Skip to content

Navigation Menu

• • GitHub Copilot Write better code with AI
  • Security Find and fix vulnerabilities
  • Actions Automate any workflow
  • Codespaces Instant dev environments
  • Issues Plan and track work
  • Code Review Manage code changes
  • Discussions Collaborate outside of code
  • Code Search Find more, search less
• Explore
  • Learning Pathways
  • White papers, Ebooks, Webinars
  • Customer Stories
  • Partners
  • Executive Insights
• • GitHub Sponsors Fund open source developers
  • The ReadME Project GitHub community articles
• • Enterprise platform AI-powered developer platform
• Pricing

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign up

Description

Hi,

regex::Regex::new("a{\r\n");

will cause

thread 'main' panicked at 'index out of bounds: the len is 1 but the index is 1'

playground

I found it while porting https://github.com/rust-fuzz/targets to afl.rs and honggfuzz (it's currently only using libFuzzer).
It's funny because libFuzzer seems unable to find it while honggfuzz finds it reliably in just a couple of seconds and AFL in a couple of dozen of minutes.

Regexes sometimes are built from untrusted input so I guess it could be used for denial of service.

@robertswiecki : I found it with honggfuzz first, is that trophy worthy?

Metadata

Labels

Development

No branches or pull requests

Issue actions