Will Drewry reported a flaw in the way libicu processes certain regular expressions. He reports: In the function doInterval, regexcmp.cpp:976, there is no check to ensure that the upper interval is not -1. This is intentional as unbounded upper limits are allowed, however the remainder of the code does not gracefully handle this case. For instance, a heap overflow is possible due to the doubling of memory as RegexMatcher::StateSave continues to backtrack.
This is now public: http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com
icu-3.8-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
icu-3.6-20.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0090.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1076
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1036