Will Drewry discovered a flaw in boost's regular expression library where a
crafted regular expression can trigger a NULL dereference flaw.
Created attachment 291643
from boost svn
Created attachment 291644
boost spec file
> Looks like this is the fix:
Which is: http://svn.boost.org/trac/boost/changeset/42674
Additional fix for the test suite: http://svn.boost.org/trac/boost/changeset/42745
Lifting embargo, upstream SVN commits are publicly available.
Created attachment 291890
Fix for 1.33.1
The example regexes from the reproducer all unambiguously SIGSEGV boost_regex,
with or without the patch in file 291643. This patch contains one additional
change that fixes this. I checked that it introduces no new regressions, and
that with this patch, reproducer testcases all throw an exception as they should.
(The patch from comment #16 is relevant for boost distributed with RHEL-5 as
well as Fedora 7. Fedora build is spinning right now, taskID=353614.)
boost-1.34.1-7.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update boost'
boost-1.34.1-7.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4 and 6. This issue was addressed in boost packages in Red Hat Enterprise Linux 5 via RHSA-2012:0305.
Red Hat would like to thank Will Drewry for reporting these issues.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:0305 https://rhn.redhat.com/errata/RHSA-2012-0305.html