Will Drewry reported a flaw in the way libicu processes certain regular
expressions. He reports:
In the function doInterval, regexcmp.cpp:976, there isno check to ensure
than the upper interval is not -1. This is intentional as unbounded upper
limits are allowed, however the remainder of the code does not gracefully
handle this case. For instance, a heap overflow is possible due to the
doubling of memory as RegexMatcher::StateSave continues to backtrack.
This is now public:
icu-3.8-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
icu-3.6-20.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: