Parsing [\\\\\\… takes exponential time #157
Comments
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was just causing an exponential complexity explosion. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
|
There are also quadratic time cases, like |
|
Thanks for reporting. cmark (the C reference
implementation) does not seem to have exponential
behavior with this. That's interesting because the
parsing strategies used are very similar.
|
|
There are also quadratic time cases, like `new commonmark.Parser().parse("[](".repeat(30000))`. (Would you like separate bug reports for these?)
I think a separate issue would be appropriate, thanks.
As with the other issue, I don't see quadratic
behavior with cmark, only with commonmark.js.
|
jgm
added a commit
to jgm/commonmark-hs
that referenced
this issue
Mar 10, 2019
commonmark currently exhibits quadratic behavior for this case. See commonmark/commonmark.js#157.
|
The second case probably has to do with |
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was just causing exponential complexity explosion. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was just causing exponential complexity explosion. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was just causing exponential complexity explosion. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
andersk
added a commit
to andersk/commonmark.js
that referenced
this issue
Mar 10, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was causing exponential complexity explosion. This makes the following behavior changes: * `[foo\\\]` is no longer incorrectly accepted as a link reference. * `<foo\>` is no longer incorrectly accepted as an angle-bracketed link destination. Fixes commonmark#157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
jgm
pushed a commit
that referenced
this issue
Mar 11, 2019
ESCAPED_CHAR already matches `\\`, so matching it again in another alternative was causing exponential complexity explosion. This makes the following behavior changes: * `[foo\\\]` is no longer incorrectly accepted as a link reference. * `<foo\>` is no longer incorrectly accepted as an angle-bracketed link destination. Fixes #157. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
new commonmark.Parser().parse("[" + "\\".repeat(n))runs in exponential time:[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 1.2 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 1.8 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 2.9 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 4.7 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 7.5 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 12.5 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 20.2 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 32.8 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 52.7 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 83.9 seconds[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\→ 137.8 secondsThis could be a denial of service vulnerability in an application that parses user input.
The text was updated successfully, but these errors were encountered: