
ruby-changes:69523

From: Nobuyoshi <ko1@a...>
Date: Sat, 30 Oct 2021 02:22:58 +0900 (JST)
Subject: [ruby-changes:69523] 99c60d4b25 (master): Get rid of exponential backtracks found by CodeQL

https://git.ruby-lang.org/ruby.git/commit/?id=99c60d4b25

From 99c60d4b25040d712fbed2ffcc8e1044c5e0fe07 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@r...>
Date: Sat, 30 Oct 2021 00:40:21 +0900
Subject: Get rid of exponential backtracks found by CodeQL

Since these regexps are used at build/installation, they are not
vulnerabilities.
---
 tool/mkconfig.rb  | 2 +-
 tool/rbinstall.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tool/mkconfig.rb b/tool/mkconfig.rb
index 6db60724e9a..6e23af51858 100755
--- a/tool/mkconfig.rb
+++ b/tool/mkconfig.rb
@@ -88,7 +88,7 @@ File.foreach "config.status" do |line| https://github.com/ruby/ruby/blob/trunk/tool/mkconfig.rb#L88
       unless $install_name
         $install_name = "ruby"
         val.gsub!(/\$\$/, '$')
-        val.scan(%r[\G[\s;]*(/(?:\\.|[^/])*/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*)\3((?:(?!\3)(?:\\.|.))*)\3([gi]*)]) do
+        val.scan(%r[\G[\s;]*(/(?:\\.|[^/])*+/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*+)\3((?:(?!\3)(?:\\.|.))*+)\3([gi]*)]) do
           |addr, cmd, sep, pat, rep, opt|
           if addr
             Regexp.new(addr[/\A\/(.*)\/\z/, 1]) =~ $install_name or next
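Review bot: Beyond removing the catastrophic backtracking, the switch to possessive `*+` on the `(?:\\.|.)` loops changes one corner case and that should be stated or covered by a test. In the original, when the overall match failed, the engine could backtrack so that a `\` immediately before the delimiter was matched by the plain `.` alternative and the delimiter closed the field; with `*+` the `\\.` branch always consumes `\` plus the delimiter as an escape, so a lone trailing backslash now swallows the delimiter and the field runs on into the next one. That is the sed reading of `s/a\/b/`, so it looks intended, but a tiny case like `s/x\//y/` in the mkconfig tests would pin it down. The address group `(/(?:\\.|[^/])*+/)?` is safe to make possessive for the same reason: `[^/]` can never consume the closing `/`, and `\\.` only takes it as an escaped character.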
diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
index 6629b4aa733..170a1707d0b 100755
--- a/tool/rbinstall.rb
+++ b/tool/rbinstall.rb
@@ -504,7 +504,7 @@ $script_installer = Class.new(installer) do https://github.com/ruby/ruby/blob/trunk/tool/rbinstall.rb#L504
   if trans = CONFIG["program_transform_name"]
     exp = []
     trans.gsub!(/\$\$/, '$')
-    trans.scan(%r[\G[\s;]*(/(?:\\.|[^/])*/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*)\3((?:(?!\3)(?:\\.|.))*)\3([gi]*)]) do
+    trans.scan(%r[\G[\s;]*(/(?:\\.|[^/])*+/)?([sy])(\\?\W)((?:(?!\3)(?:\\.|.))*+)\3((?:(?!\3)(?:\\.|.))*+)\3([gi]*)]) do
       |addr, cmd, sep, pat, rep, opt|
       addr &&= Regexp.new(addr[/\A\/(.*)\/\z/, 1])
       case cmd
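Review bot: This is byte-for-byte the same sed-script regexp as the one in tool/mkconfig.rb, patched identically in both places; keeping two copies of a pattern this intricate is how one of them drifts the next time it is touched. Consider lifting it into a shared helper that both tool/mkconfig.rb and tool/rbinstall.rb require (for example a small file under tool/lib, which is a suggestion, not something in this patch) so that the next fix lands once. The input here is `CONFIG["program_transform_name"]`, i.e. the configure-time value, which is consistent with the commit message treating this as a robustness fix rather than a vulnerability.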
-- 


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
