- Sponsor
-
Notifications
You must be signed in to change notification settings - Fork 226
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parsing [\\\\\\… takes exponential time #157
Comments
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was just causing an exponential complexity explosion. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
There are also quadratic time cases, like |
Thanks for reporting. cmark (the C reference
implementation) does not seem to have exponential
behavior with this. That's interesting because the
parsing strategies used are very similar.
|
There are also quadratic time cases, like `new commonmark.Parser().parse("[](".repeat(30000))`. (Would you like separate bug reports for these?)
I think a separate issue would be appropriate, thanks.
As with the other issue, I don't see quadratic
behavior with cmark, only with commonmark.js.
|
jgm
added a commit
to jgm/commonmark-hs
that referenced
this issue
Mar 10, 2019
commonmark currently exhibits quadratic behavior for this case. See commonmark/commonmark.js#157.
The second case probably has to do with |
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was just causing exponential complexity explosion. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was just causing exponential complexity explosion. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was just causing exponential complexity explosion. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was causing exponential complexity explosion. This makes the following behavior changes: * `[foo\\\]` is no longer incorrectly accepted as a link reference. * `<foo\>` is no longer incorrectly accepted as an angle-bracketed link destination. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
jgm
pushed a commit
that referenced
this issue
Mar 11, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was causing exponential complexity explosion. This makes the following behavior changes: * `[foo\\\]` is no longer incorrectly accepted as a link reference. * `<foo\>` is no longer incorrectly accepted as an angle-bracketed link destination. Fixes #157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
new commonmark.Parser().parse("[" + "\\".repeat(n))
runs in exponential time:[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 1.2 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 1.8 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 2.9 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 4.7 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 7.5 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 12.5 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 20.2 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 32.8 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 52.7 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 83.9 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
→ 137.8 secondsThis could be a denial of service vulnerability in an application that parses user input.
The text was updated successfully, but these errors were encountered: