Glibc - CVE-2015-8985 help
Raluca-Petronela Florea
florea.raluca.petronela@gmail.com
Tue May 5 09:14:30 GMT 2020
Hello,
I'm working on fixing some GLIBC vulnerabilities and I have an issue regarding
CVE-2015-8985 - Assertion failure in pop_fail_stack when executing a malformed regexp.
Although it seems to be fixed in glibc 2.28, I've encountered the following
issue when testing the following program on an Ubuntu 19.10 virtual machine
with glibc 2.30-0ubuntu.2.1:
pop_fail_stack.c
#include <assert.h>
#include <regex.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    int rc;
    regex_t preg;
    regmatch_t pmatch[2];

    rc = regcomp(&preg, "()*)|\\1)*", REG_EXTENDED);  /* compile the malformed regexp */
    assert(rc == 0);                                  /* expect compilation to succeed */
    regexec(&preg, "", 2, pmatch, 0);                 /* match the empty string against it */
    regfree(&preg);
    return 0;
}
*pop_fail_stack: pop_fail_stack.c:12: main: Assertion `rc == 0' failed.*
*Aborted (core dumped)*
As the Debian bug
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392) describes, the test
program compiles an invalid regexp and then tries to match a string
against it, which triggers an assertion:
*pop_fail_stack: regexec.c:1401: pop_fail_stack: Assertion `num >= 0' failed.
Aborted*
So, in my scenario, the test program does not even successfully
compile the invalid regexp.
Did anyone encounter this issue?
Could you please help me with this?
Thank you,
Raluca
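
The following is an added example, not part of the original message: it reports which of the outcomes discussed above occurs on the local libc for the pattern from the message, running regexec() in a child process so an abort does not take down the checker. The helper name probe_regex and the enum values are hypothetical.

```c
#include <regex.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { COMPILE_REJECTED, EXEC_RETURNED, EXEC_ABORTED, PROBE_ERROR };

/* probe_regex is a hypothetical helper name. It compiles `pattern` as an ERE;
 * on failure it stores the regerror() text in msg. On success it runs
 * regexec() on "" in a child so an abort inside libc cannot kill the caller. */
static enum probe_result probe_regex(const char *pattern, char *msg, size_t len)
{
    regex_t preg;
    regmatch_t pmatch[2];
    int status = 0;
    int rc = regcomp(&preg, pattern, REG_EXTENDED);

    if (rc != 0) {
        regerror(rc, &preg, msg, len);   /* human-readable reason for the rejection */
        return COMPILE_REJECTED;
    }
    if (len > 0)
        msg[0] = '\0';
    fflush(NULL);                        /* avoid duplicated stdio buffers after fork */
    pid_t pid = fork();
    if (pid == 0) {
        regexec(&preg, "", 2, pmatch, 0);
        _exit(0);
    }
    regfree(&preg);
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return PROBE_ERROR;
    if (WIFEXITED(status))
        return EXEC_RETURNED;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT)
        return EXEC_ABORTED;             /* a failed assert() raises SIGABRT */
    return PROBE_ERROR;
}

int main(void)
{
    static const char *const names[] = { "regcomp rejected the pattern",
        "regexec returned", "regexec aborted (SIGABRT)", "probe error" };
    char msg[128] = "";
    enum probe_result r = probe_regex("()*)|\\1)*", msg, sizeof msg); /* pattern from the message */
    printf("%s%s%s\n", names[r], msg[0] ? ": " : "", msg);
    return 0;
}
```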