Project

General

Profile

Bug #15938

Error thrown undeterministically: `RegexpError: empty range in char class`

Added by dlee (David Lee) 6 months ago. Updated 6 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:93232]

Description

When instantiating a Regexp, we only sometimes see RegexpError: empty range in char class.

To reproduce:
100.times { Regexp.new("^([\\w'+-.%]+@[\\w-.]+\\.[A-Za-z]{2,25})(,[\\w+-.%]+@[\\w-.]+\\.[A-Za-z]{2,4}){0,4}$") }
usually does not throw the error, but
100000.times { Regexp.new("^([\\w'+-.%]+@[\\w-.]+\\.[A-Za-z]{2,25})(,[\\w+-.%]+@[\\w-.]+\\.[A-Za-z]{2,4}){0,4}$") }
usually throws the error.

Furthermore, sometimes accompanying calls matter:
10.times { Regexp.new("[\\w-.]"); Regexp.new("[\\w-]") }
usually does not throw the error, but
10.times { Regexp.new("[\\w-.]") }
usually throws the error.

History

Updated by dlee (David Lee) 6 months ago

FYI, these errors are deterministically thrown in ruby versions 2.5+, albeit with a different error message: unmatched range specifier in char-class.

Updated by jeremyevans0 (Jeremy Evans) 6 months ago

  • Status changed from Open to Closed

I was able to reproduce your issue. However, Ruby 2.4 is in security maintenance phase. As this does not appear to be a security issue, we will not be backporting changes to fix it. Please see https://www.ruby-lang.org/en/downloads/branches/ for details, and please try updating to Ruby 2.6.3.

Updated by nobu (Nobuyoshi Nakada) 6 months ago

  • Status changed from Closed to Rejected

\w cannot be an edge of range in char-class, as it is not a single char.

Updated by dlee (David Lee) 6 months ago

Jeremy,

Thank you for the update. We know that Ruby 2.5+ has fixed this issue, but we were hoping the fix could be backported. Do you know if there is any workaround to reliably get Regexp to throw those errors?

Nobuyoshi,

Thanks, we understand that the Regexp is invalid. We were hoping that Ruby would deterministically throw the error, since we're relying on it to validate user-submitted regexp.

Updated by jeremyevans0 (Jeremy Evans) 6 months ago

dlee (David Lee) wrote:

Thank you for the update. We know that Ruby 2.5+ has fixed this issue, but we were hoping the fix could be backported. Do you know if there is any workaround to reliably get Regexp to throw those errors?

You could bisect the repository for changes between 2.4 and 2.5 to see which commit fixed the issue, and apply the that commit as a custom patch to Ruby in your installation (assuming it applies cleanly).

As I mentioned earlier, Ruby 2.4 is in security maintenance phase, and this issue is not a security issue, and thus we would not backport patches to Ruby 2.4 fix it.

Also available in: Atom PDF