Paul Eggert wrote:
> In glibc (and Gnulib) the regular-expression code has long been
> maintained under the philosophy that the code cannot handle arbitrary
> regular expressions. Any code that lets the user specify an arbitrary
> regular expression is suspect, and this includes Awk scripts. (This is
> also true for C libraries other than glibc/Gnulib.)
>
> It'd be nice if someone could fix regex bugs like these in the glibc
> regex code, but nobody has stepped forward to do that, and frankly it's
> low priority. In the meantime, don't write Awk scripts with adversarial
> regexps.

Stack overflow inside the regex engine is only one of the problems. The
other one is quadratic (or even exponential) running time. Such a running
time can have fatal practical consequences [1].

The RE2 regex syntax [2] was designed to avoid such problems. But here, we
are using POSIX regexes, which will always exhibit worst-case exponential
running times.

Bruno

[1] https://blog.cloudflare.com/cloudflare-outage/
[2] https://en.wikipedia.org/wiki/RE2_(software)
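
Added example, not part of the original message and not glibc or Gnulib code: one way to contain both failure modes discussed above (a stack overflow inside the engine and a runaway matching time) when a pattern comes from an untrusted source is to run regcomp/regexec in a child process with a CPU limit. The function name, result codes and limit values are assumptions of this example.

```c
#include <regex.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result codes (names are this example's own, not a library API). */
enum { RX_NOMATCH = 0, RX_MATCH = 1, RX_BADPATTERN = 2, RX_KILLED = 3 };

/* Compile and run an untrusted POSIX ERE in a child process.  A crash in the
   engine (e.g. SIGSEGV from stack exhaustion) or a match that exceeds the CPU
   budget terminates only the child; the caller sees RX_KILLED. */
int guarded_regex_match(const char *pattern, const char *subject,
                        unsigned cpu_seconds)
{
    pid_t pid = fork();
    if (pid < 0)
        return RX_KILLED;                 /* fail closed if we cannot isolate */
    if (pid == 0) {
        struct rlimit cpu = { cpu_seconds, cpu_seconds };
        struct rlimit nocore = { 0, 0 };
        setrlimit(RLIMIT_CPU, &cpu);      /* kernel signals the child at the limit */
        setrlimit(RLIMIT_CORE, &nocore);  /* no core file from a crashed match */
        regex_t re;
        if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
            _exit(RX_BADPATTERN);
        _exit(regexec(&re, subject, 0, NULL, 0) == 0 ? RX_MATCH : RX_NOMATCH);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return RX_KILLED;                 /* child died from a signal */
    return WEXITSTATUS(status);
}

/* Stand-alone use: ./guard PATTERN SUBJECT (2-second CPU budget, an assumption). */
int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s PATTERN SUBJECT\n", argv[0]);
        return 2;
    }
    int r = guarded_regex_match(argv[1], argv[2], 2);
    printf("result=%d\n", r);
    return r == RX_MATCH ? 0 : 1;
}
```

A memory cap (RLIMIT_AS) can be set in the child in the same way; it is left out here to keep the example to one limit.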