assigned to @mclow

First crash - in regex_match. Using this target function

extern "C" void LLVMFuzzerTestOneInput(const unsigned char *data, size_t size) {
if (size > 0)
{
try
{
std::regex::flag_type flag = std::regex_constants::grep;
std::string s((const char *)data, size);
std::regex re(s, flag);
std::regex_match(s, re);
}
catch (std::regex_error &ex) {}
}
}

I reduced this test case down to "\8" and fixed it in 245849.

Leaving the bug open b/c I think the fuzzer will find more.

Here's another one the uzzer found (simplified).
This one doesn't fail, but it takes minutes to match against itself.

const char bad = "#\(.\)*###################.######.####### ";

Is there still an interest in fuzzing libc++'s regex?
We now have https://github.com/google/oss-fuzz, a continuous
fuzzing service, where libc++ would be welcome.

Fuzzing regex now yield this:
projects/libcxx/include/regex:4058:21: runtime error: signed integer overflow: 403809844 * 10 cannot be represented in type 'int'

and then quickly gets stuck in timeouts.

We have fixed all the regex crashes that OSS-Fuzz has reported.
What's left is stack overflows, large memory usage, and timeouts.

Closing this bug, because they're all being tracked over at OSS-Fuzz.