vbscript.dll regular expression object (RegExp) memory leak

From: g g (ggo2222_at_YAHOO.COM)
Date: 02/27/05

    Date:         Sun, 27 Feb 2005 05:51:41 -0800
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Hello,

    The following VBScript, which uses the RegExp object,
    causes a memory leak (tested under Windows XP SP2 with
    Script Engine V5.6); when you run it, locate the
    associated wscript.exe or cscript.exe process in the
    Windows task manager, then click "OK" in the "Start"
    message box, and see how the "Mem Usage" value grows
    in the task manager.

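    Dim PatternStrBuggy, strng, i
    Dim oRegExp
    Dim oMatches

    ' The pattern is a single string, split here with "& _" for line length.
    ' The archived mail wrapped it at three points; a single space is assumed
    ' at each wrap (the end of the first three segments below).
    PatternStrBuggy = "^(?:\<([0-9]+)\>)?(?:([A-Za-z]+) " & _
        ")?(?:([\d ]\d) )?(?:(\d+) " & _
        ")?(?:([0-9]+:[0-9]+:[0-9]+(?:\.[0-9]+)?) )?(?:([^ :]+) " & _
        ")?((?:(?:([^ \[\:]+)(?:\[([0-9]+)\])?:)? )?(.*))"
    strng = "c"   ' one-character subject string

    Set oRegExp = New RegExp
    oRegExp.Global = True
    oRegExp.Multiline = True
    oRegExp.Pattern = PatternStrBuggy
    On Error Resume Next
    MsgBox "start"   ' pause here so the process can be located first
    ' Each pass assigns the Matches collection returned by Execute to
    ' oMatches; the script host's memory use is watched while this runs.
    For i = 1 To 10000000
        Set oMatches = oRegExp.Execute(strng)
    Next
    MsgBox "stop"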

    *** end of mail ***


    --
    NTBugtraq Editor's Note:
    Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
    --
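
Added example, not part of the original post: the post reads the leak off Task Manager's "Mem Usage" column by hand, and the PowerShell script below samples the same wscript.exe/cscript.exe processes and reports how much each one grew over the sampling window. The parameter names, the 80% rising-interval rule and the 50 MB threshold are assumptions chosen for illustration.

```powershell
# Added example: sample script-host memory and flag sustained growth.
param(
    [string[]]$Names = @('wscript', 'cscript'),  # script hosts named in the post
    [int]$Samples = 30,                          # number of samples to take
    [int]$IntervalSeconds = 1,                   # delay between samples
    [double]$ThresholdMB = 50                    # assumed growth threshold
)

# Per-PID list of (private bytes, working set) samples.
$history = @{}
for ($n = 0; $n -lt $Samples; $n++) {
    foreach ($p in @(Get-Process -Name $Names -ErrorAction SilentlyContinue)) {
        if (-not $history.ContainsKey($p.Id)) {
            $history[$p.Id] = [System.Collections.Generic.List[object]]::new()
        }
        $history[$p.Id].Add([pscustomobject]@{
            Private = $p.PrivateMemorySize64
            Working = $p.WorkingSet64
        })
    }
    Start-Sleep -Seconds $IntervalSeconds
}

foreach ($id in $history.Keys) {
    $s = $history[$id]
    if ($s.Count -lt 2) { continue }   # process exited before a second sample

    # Count intervals in which private bytes rose; a leak rises almost always,
    # while normal allocation bursts rise and fall.
    $rises = 0
    for ($i = 1; $i -lt $s.Count; $i++) {
        if ($s[$i].Private -gt $s[$i - 1].Private) { $rises++ }
    }
    $privMB = ($s[$s.Count - 1].Private - $s[0].Private) / 1MB
    $wsMB   = ($s[$s.Count - 1].Working - $s[0].Working) / 1MB

    [pscustomobject]@{
        ProcessId          = $id
        Samples            = $s.Count
        PrivateGrowthMB    = [math]::Round($privMB, 1)
        WorkingSetGrowthMB = [math]::Round($wsMB, 1)
        RisingIntervals    = "$rises/$($s.Count - 1)"
        SuspectedLeak      = ($privMB -ge $ThresholdMB -and
                              $rises -ge 0.8 * ($s.Count - 1))
    }
}
```

Start the sampler after the "start" message box appears and before clicking "OK", so the first sample records the baseline.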
    
