When instantiating a Regexp, we only sometimes see RegexpError: empty range in char class.
To reproduce: 100.times { Regexp.new("^([\\w'+-.%]+@[\\w-.]+\\.[A-Za-z]{2,25})(,[\\w+-.%]+@[\\w-.]+\\.[A-Za-z]{2,4}){0,4}$") }
usually does not throw the error, but 100000.times { Regexp.new("^([\\w'+-.%]+@[\\w-.]+\\.[A-Za-z]{2,25})(,[\\w+-.%]+@[\\w-.]+\\.[A-Za-z]{2,4}){0,4}$") }
usually throws the error.
Furthermore, sometimes accompanying calls matter: 10.times { Regexp.new("[\\w-.]"); Regexp.new("[\\w-]") }
usually does not throw the error, but 10.times { Regexp.new("[\\w-.]") }
usually throws the error.
I was able to reproduce your issue. However, Ruby 2.4 is in security maintenance phase. As this does not appear to be a security issue, we will not be backporting changes to fix it. Please see https://www.ruby-lang.org/en/downloads/branches/ for details, and please try updating to Ruby 2.6.3.
Thank you for the update. We know that Ruby 2.5+ has fixed this issue, but we were hoping the fix could be backported. Do you know if there is any workaround to reliably get Regexp to throw those errors?
Nobuyoshi,
Thanks, we understand that the Regexp is invalid. We were hoping that Ruby would deterministically throw the error, since we're relying on it to validate user-submitted regexp.
Thank you for the update. We know that Ruby 2.5+ has fixed this issue, but we were hoping the fix could be backported. Do you know if there is any workaround to reliably get Regexp to throw those errors?
You could bisect the repository for changes between 2.4 and 2.5 to see which commit fixed the issue, and apply the that commit as a custom patch to Ruby in your installation (assuming it applies cleanly).
As I mentioned earlier, Ruby 2.4 is in security maintenance phase, and this issue is not a security issue, and thus we would not backport patches to Ruby 2.4 fix it.
Updated by 
Updated by 
Updated by