regexp: limit size of parsed regexps - go - Fork of Go programming language with my patches.

diff options

author	Russ Cox <rsc@golang.org>	2022-09-28 11:18:51 -0400
committer	Gopher Robot <gobot@golang.org>	2022-10-05 20:39:49 +0000
commit	c3c4aea55b404c2e6ef109ec6a345f4ccb877381 (patch)
tree	966c1c4e4ded7d3cf414056249a32584c044baf7 /src/encoding
parent	881a16542e357fd85ac492424021ff380175675a (diff)
download	go-c3c4aea55b404c2e6ef109ec6a345f4ccb877381.tar.xz

regexp: limit size of parsed regexps

Set a 128 MB limit on the amount of space used by []syntax.Inst in the compiled form corresponding to a given regexp. Also set a 128 MB limit on the rune storage in the *syntax.Regexp tree itself. Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue. Fixes CVE-2022-41715. Fixes #55949. Change-Id: Ia656baed81564436368cf950e1c5409752f28e1b Reviewed-on: https://go-review.googlesource.com/c/go/+/439356 Auto-Submit: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com>

Diffstat (limited to 'src/encoding')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: