DoS risk: panic "index out of bounds" while building very small regex

Hi,
```rust
regex::Regex::new("a{\r\n");
```
will cause
```
thread 'main' panicked at 'index out of bounds: the len is 1 but the index is 1'
```
[playground](https://play.rust-lang.org/?gist=976d190abf1951abf75f14b390b2b53b&version=stable)

I found it while porting https://github.com/rust-fuzz/targets to `afl.rs` and `honggfuzz` (it's currently only using `libFuzzer`).
It's funny because libFuzzer seems unable to find it while honggfuzz finds it reliably in just a couple of seconds and AFL in a couple of dozen of minutes.

Regexes sometimes are built from untrusted input so I guess it could be used for denial of service.

@robertswiecki : I found it with `honggfuzz` first, is that trophy worthy?


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DoS risk: panic "index out of bounds" while building very small regex #464

PaulGrandperrin
openedon Apr 14, 2018

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

DoS risk: panic "index out of bounds" while building very small regex #464

Description

PaulGrandperrinopenedon Apr 14, 2018

Activity

Metadata