[rules-users] Drools 5.4 DSLR Stack Overflow
Wolfgang Laun
wolfgang.laun at gmail.com
Mon Jul 9 16:25:59 EDT 2012
The Pattern comments in org.drools.lang.dsl.DefaultExpander (defined
in line 63) is vulnerable when used against strings containing '/*'
followed by multiple repetitions of '*' alternating with other
characters before being terminated with '*/'. The pattern
"(?:/\\*(?:[^*]|(?:\\*+[^*/]))*\\*+/)"
isn't "best practice", but it shouldn't cause a stack overflow.
The much simpler pattern
"/\\*.*?\\*/"
would serve the same purpose while not causing a stack overflow.
Tested with javac 1.6.0_23
-W
On 09/07/2012, gboro54 <gboro54 at gmail.com> wrote:
> Even after updating to 1.6.0_31 we still get the following:
>
> Caused by: java.lang.StackOverflowError
> at java.util.regex.Pattern$GroupTail.match(Pattern.java:4227)
> [rt.jar:1.6.0_31]
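
Added example, not part of the original post or of the Drools code base: a small Java harness that runs the two patterns quoted above against constructed block comments of growing size and reports whether java.util.regex throws StackOverflowError. The class name, the generated input, the sizes and the Pattern.DOTALL flag on the simpler pattern are assumptions made for this example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CommentPatternCheck {
    // Pattern quoted in the message above (from DefaultExpander).
    static final Pattern NESTED =
        Pattern.compile("(?:/\\*(?:[^*]|(?:\\*+[^*/]))*\\*+/)");
    // Simpler pattern proposed in the message. DOTALL is an assumption added
    // here so that '.' also crosses line breaks inside a block comment.
    static final Pattern LAZY = Pattern.compile("/\\*.*?\\*/", Pattern.DOTALL);

    // Constructed input: a block comment whose body alternates '*' with text.
    static String buildComment(int lines) {
        StringBuilder sb = new StringBuilder("/*\n");
        for (int i = 0; i < lines; i++) {
            sb.append(" * generated comment line ").append(i).append('\n');
        }
        return sb.append(" */ rule text").toString();
    }

    // Returns the matched length, -1 for no match, -2 on StackOverflowError.
    static int tryMatch(Pattern p, String input) {
        try {
            Matcher m = p.matcher(input);
            return m.find() ? m.end() - m.start() : -1;
        } catch (StackOverflowError e) {
            return -2;
        }
    }

    public static void main(String[] args) {
        // Sizes are arbitrary; the largest is meant to exceed a default thread stack
        // when the matcher recurses once per iteration of the alternation group.
        for (int lines : new int[] {10, 1000, 100000}) {
            String input = buildComment(lines);
            System.out.printf("%d lines (%d chars): nested=%d lazy=%d%n",
                lines, input.length(),
                tryMatch(NESTED, input), tryMatch(LAZY, input));
        }
    }
}
```

A result of -2 in the nested column marks the input size at which the alternation-in-a-loop pattern exhausts the thread stack on the JVM under test; where both columns are positive they report the same match length.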