Bug #15938
closed
Error thrown undeterministically: `RegexpError: empty range in char class`
Added by dlee (David Lee) over 5 years ago.
Updated over 5 years ago.
Description
When instantiating a Regexp, we only sometimes see RegexpError: empty range in char class
.
To reproduce:
100.times { Regexp.new("^([\\w'+-.%]+@[\\w-.]+\\.[A-Za-z]{2,25})(,[\\w+-.%]+@[\\w-.]+\\.[A-Za-z]{2,4}){0,4}$") }
usually does not throw the error, but
100000.times { Regexp.new("^([\\w'+-.%]+@[\\w-.]+\\.[A-Za-z]{2,25})(,[\\w+-.%]+@[\\w-.]+\\.[A-Za-z]{2,4}){0,4}$") }
usually throws the error.
Furthermore, sometimes accompanying calls matter:
10.times { Regexp.new("[\\w-.]"); Regexp.new("[\\w-]") }
usually does not throw the error, but
10.times { Regexp.new("[\\w-.]") }
usually throws the error.
FYI, these errors are deterministically thrown in ruby versions 2.5+, albeit with a different error message: unmatched range specifier in char-class
.
- Status changed from Open to Closed
I was able to reproduce your issue. However, Ruby 2.4 is in security maintenance phase. As this does not appear to be a security issue, we will not be backporting changes to fix it. Please see https://www.ruby-lang.org/en/downloads/branches/ for details, and please try updating to Ruby 2.6.3.
- Status changed from Closed to Rejected
\w
cannot be an edge of range in char-class, as it is not a single char.
Jeremy,
Thank you for the update. We know that Ruby 2.5+ has fixed this issue, but we were hoping the fix could be backported. Do you know if there is any workaround to reliably get Regexp to throw those errors?
Nobuyoshi,
Thanks, we understand that the Regexp is invalid. We were hoping that Ruby would deterministically throw the error, since we're relying on it to validate user-submitted regexp.
dlee (David Lee) wrote:
Thank you for the update. We know that Ruby 2.5+ has fixed this issue, but we were hoping the fix could be backported. Do you know if there is any workaround to reliably get Regexp to throw those errors?
You could bisect the repository for changes between 2.4 and 2.5 to see which commit fixed the issue, and apply the that commit as a custom patch to Ruby in your installation (assuming it applies cleanly).
As I mentioned earlier, Ruby 2.4 is in security maintenance phase, and this issue is not a security issue, and thus we would not backport patches to Ruby 2.4 fix it.
Also available in: Atom
PDF
Like0
Like0Like0Like0Like0Like0