Project

General

Profile

Actions

Bug #15938

closed

Error thrown undeterministically: `RegexpError: empty range in char class`

Added by dlee (David Lee) over 5 years ago. Updated over 5 years ago.

Status:
Rejected
Assignee:
-
Target version:
-
[ruby-core:93232]

Description

When instantiating a Regexp, we only sometimes see RegexpError: empty range in char class.

To reproduce:
100.times { Regexp.new("^([\\w'+-.%]+@[\\w-.]+\\.[A-Za-z]{2,25})(,[\\w+-.%]+@[\\w-.]+\\.[A-Za-z]{2,4}){0,4}$") }
usually does not throw the error, but
100000.times { Regexp.new("^([\\w'+-.%]+@[\\w-.]+\\.[A-Za-z]{2,25})(,[\\w+-.%]+@[\\w-.]+\\.[A-Za-z]{2,4}){0,4}$") }
usually throws the error.

Furthermore, sometimes accompanying calls matter:
10.times { Regexp.new("[\\w-.]"); Regexp.new("[\\w-]") }
usually does not throw the error, but
10.times { Regexp.new("[\\w-.]") }
usually throws the error.

Updated by dlee (David Lee) over 5 years ago

FYI, these errors are deterministically thrown in ruby versions 2.5+, albeit with a different error message: unmatched range specifier in char-class.

Updated by jeremyevans0 (Jeremy Evans) over 5 years ago

  • Status changed from Open to Closed

I was able to reproduce your issue. However, Ruby 2.4 is in security maintenance phase. As this does not appear to be a security issue, we will not be backporting changes to fix it. Please see https://www.ruby-lang.org/en/downloads/branches/ for details, and please try updating to Ruby 2.6.3.

Updated by nobu (Nobuyoshi Nakada) over 5 years ago

  • Status changed from Closed to Rejected

\w cannot be an edge of range in char-class, as it is not a single char.

Updated by dlee (David Lee) over 5 years ago

Jeremy,

Thank you for the update. We know that Ruby 2.5+ has fixed this issue, but we were hoping the fix could be backported. Do you know if there is any workaround to reliably get Regexp to throw those errors?

Nobuyoshi,

Thanks, we understand that the Regexp is invalid. We were hoping that Ruby would deterministically throw the error, since we're relying on it to validate user-submitted regexp.

Updated by jeremyevans0 (Jeremy Evans) over 5 years ago

dlee (David Lee) wrote:

Thank you for the update. We know that Ruby 2.5+ has fixed this issue, but we were hoping the fix could be backported. Do you know if there is any workaround to reliably get Regexp to throw those errors?

You could bisect the repository for changes between 2.4 and 2.5 to see which commit fixed the issue, and apply the that commit as a custom patch to Ruby in your installation (assuming it applies cleanly).

As I mentioned earlier, Ruby 2.4 is in security maintenance phase, and this issue is not a security issue, and thus we would not backport patches to Ruby 2.4 fix it.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0