Hi. Paul Eggert wrote: > In glibc (and Gnulib) the regular-expression code has long been > maintained under the philosophy that the code cannot handle arbitrary > regular expressions. Any code that lets the user specify an arbitrary > regular expression is suspect, and this includes Awk scripts. (This is > also true for C libraries other than glibc/Gnulib.) > > It'd be nice if someone could fix regex bugs like these in the glibc > regex code, but nobody has stepped forward to do that, and frankly it's > low priority. In the meantime, don't write Awk scripts with adversarial > regexps.
Thanks. This is more or less what I expected, and it's fine with me. But I had to do my duty as gawk maintainer and forward the report. Bruno Haible <br...@clisp.org> wrote: > Stack overflow inside the regex engine is only one of the problems. The > other one is quadratic (or even exponential) running time. Such a running > time can have fatal practical consequences [1]. The RE2 regex syntax [2] > was designed to avoid such problems. But here, we are using POSIX regexes, > which will always exhibit worst-case exponential running times. > > Bruno > > [1] https://blog.cloudflare.com/cloudflare-outage/ > [2] https://en.wikipedia.org/wiki/RE2_(software) It's possible to write a POSIX compliant matcher for EREs that doesn't have such problems; I know someone doing it. In any case, users get what they ask for, it's up to them to understand what they're doing. Thanks, Arnold >
