Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certain input locks marked #497

Closed
barisusakli opened this issue Oct 8, 2014 · 9 comments
Closed

Certain input locks marked #497

barisusakli opened this issue Oct 8, 2014 · 9 comments

Comments

@barisusakli
Copy link

Using marked with a certain input seems to lock the process. Repro

var marked = require('marked');
console.log(marked('____88888888:::::8::::::::::::::::88888888888888888888<br />________888_8:::888888:::::::::::::::::::::::::88888888888___888 ___________88:::::88888888::::::m::::::::::::::88888888888____8 _________888888888888888888:M::::::::::::::::8888888888888 ________88888888888888888888:::::::::::::::::M88888888888888 ________8888888888888888888888:::::::::::::M8888888888888888 _________8888888888888888888888::::::::::M888888888888888888 ________8888888888888888::88888:::::::::M88888888888888888888 ______88888888888888888:::88888::::::::M888888888888888___8888 _____88888888888888888:::88888::::::M:::::;o*M*o;888888888____88 ____88888888888888888:::8888:::::::M::::::::::::::::::88888888____8 ___88888888888888888::::88:::::::::M:;:::::::::::::::::::888888888 __8888888888888888888:::8:::::::::M::::aAa::::::::::::M8888888888_______ 8 __88___8888888888::88::::8::::::::M::::::::::::::::::::888888888888888_8 888 _88__88888888888:::8::::::::::::::M:::::::::::;::::::::88:88888888888888 888 _8__8888888888888::::::::::::::::M::::@@@@::::::::8w8888888888888888 __88888888888:888:::::::::::::::M:::::::@a@:::::::M8i888888888888888 _8888888888::::88:::::::::::::::M888:::::::::::::::::M88z888888888888888 88 8888888888:::::8::::::::::::::::M88888::::::::::::MM88888888888888888888 8 888888888:::::8::::::::::::::::M8888888MAmAMVMM88*88888888___88888888 888888_M::::::::::::::::::::::M888888888:::::::::MM8888888888888___88888 88 8888___M:::::::::::::::::::::M88888888888:::::::MM88888888888888____8888 8 _888___M::::::::::::::::::::M8888888888888M:::::mM888888888888____888 __888__M:::::::::::::::::::M8888:8888888888888:::m::Mm8888_8888___888 ___88__M:::::::::::::::::::8888:8888888888888888:::::::::Mm8___8888___88 8 ___88__M::::::::::::::::8888M::88888::888888888888::::::::::Mm8888____88&#38;#160;<br />___8___MM:::::::::::::8888M::::8888:::::888888888888::::::::::::Mm8_____ 4 _______8M::::::::::::8888M:::::::888::::::::88:::8888888::::::::::::::Mm_____2 ______88MM:::::::::8888M::::::::::88:::::::::8:::::888888:::::::::M::::: :M _____8888M:::::::::888MM::::::::::::8::::::::::::M::::8888:::::::::::M:: ::M ____88888M:::::::::88:M:::::::::::::::8:::::::::::::M:::8888:::::::::::: M::M ___88_888MM::::::888:M:::::::::::::::::::::::::::::::M:8888::::::::::::: :M: ___8_88888M::::::88::M:::::::::::::::::::::::::::::::::MM:88:::::::::::: :::::M _____88888M::::::88::M:::::::::::::::::*88*::::::::::::M:88::::::::::::: :::::::M ____888888M::::::88::M:::::::::::::::88@@88::::::::::M::88:::::::::::::: :::::::M ____888888MM::::88::MM:::::::::::::88@@88:::::::::::M::::8:::::::::::::: :::::::*8 ____88888__M::::::8::MM:::::::::::::::*88*:::::::::::::M:::::::::::::::: ::::::::::::88@<br />____8888___MM:::::::::MM::::::::::::::::::::::::::::::MM:::::::::::::::: :::::::::::88@@<br />_____888____M:::::::::::MM:::::::::::::::::::::::::::MM::M:::::::::::::: ::::::::::::888/ _____888____MM:::::::::::MMM:::::::::::::::::::::MM::::MM::::::::::::::: ::::::::::MM ______88_____M:::::::::::::MMMM::::::::::::MMMM::::::::MM::::::::::::::: :::::MMM _______88____MM:::::::::::::::MMMMMMMMMMM:::::::::::::MMM:::::::MMMMMM ________88____MM:::::::::::::::::::MMMMM::::::::::::::::::::MMMMMMMMMMII<br />_________88___8MM::::::::::::::::::::::::::::::::::::::::::::::::::MMMMM MMM __________8___88MM:::::::::::::::::::::::::::::::::M:::M:::::::::::MMM ______________888MM:::::::::::::::::::::::::::MM::::::::MM::::::MM _____________88888MM::::::::::::::::::::::MMM:::::::::mM:::::MM<br /><br />damn. it fucks up on this forum.......oh well, you get the idea.'));

CPU hits 100% for a long time, I waited about 5 mins then killed the process.
@barisusakli barisusakli mentioned this issue Oct 8, 2014
Closed
@akhoury akhoury mentioned this issue Oct 16, 2014
Closed
@albertshaw albertshaw mentioned this issue Oct 28, 2014
Closed
@akhoury akhoury mentioned this issue Oct 28, 2014
Closed
@Feder1co5oave Feder1co5oave mentioned this issue Nov 13, 2014
Closed
@puzrin
Copy link

puzrin commented Nov 27, 2014

Try https://github.com/markdown-it/markdown-it , it's much more safe, because of strict parser implementation.

@chjj
Copy link
Member

chjj commented Nov 27, 2014

Probably another case of catastrophic backtracking. I'll look at where I can use negative sets more.

@ilanbiala
Copy link

Any progress on this?

@JCMais JCMais mentioned this issue Mar 3, 2015
Closed
@trabus trabus mentioned this issue Mar 7, 2015
Closed
@knownasilya
Copy link

Would also like to know if any work is being done to address this security issue.

@j201 j201 mentioned this issue Mar 16, 2015
Closed
@ixti ixti mentioned this issue Mar 20, 2015
Closed
robmcguinness pushed a commit to Availity/availity-angular that referenced this issue Mar 24, 2015
switch to markdown-it
fd8ecb8 
markedjs/marked#497
@ahomu ahomu mentioned this issue May 14, 2015
Closed
natedsaint added a commit to natedsaint/cuervo that referenced this issue May 18, 2015
@natedsaint
Moving off marked due to security concerns left unaddressed in marked…
bf3e202 
…js/marked#497
@jlchereau jlchereau mentioned this issue May 27, 2015
Closed
@geraintwhite geraintwhite mentioned this issue Jun 24, 2015
Closed
@freezy freezy mentioned this issue Jun 25, 2015
Closed
@iamstarkov
Copy link

@chjj can you help us? also see https://nodesecurity.io/advisories/marked_redos

@chjj
Copy link
Member

chjj commented Jul 29, 2015

I'll try to rule out whichever regex rules aren't causing this tomorrow night. I'm almost certain this is a case of catastrophic backtracking since marked has failsafes in place to prevent infinite loops. Most js engines will fail after a certain timeout length, but v8 will keep executing (it will most likely eventually fail after several minutes).

@chjj
Copy link
Member

chjj commented Jul 29, 2015

After fooling around a bit, it looks like the em rule's regexes ((?:__|[\s\S])+?) is what is causing the backtracking. Changing it to the inaccurate ((?:[\s\S])+?) fixes the problem. I'll try to rewrite this in a more sensible way.

@chjj chjj closed this as completed in a37bd64 Jul 29, 2015
@chjj
Copy link
Member

chjj commented Jul 29, 2015

@iamstarkov, rewritten. No more hanging. Tests passing. Should be okay now. Try the latest commit.

@chjj
Copy link
Member

chjj commented Jul 29, 2015

v0.3.4 commited and published. Fixed.

gkoberger pushed a commit to readmeio/marked that referenced this issue Aug 24, 2015
@chjj @gkoberger
prevent catastrophic backtracking on em rule. fixes markedjs#497.
ef583a9
ariabuckles added a commit to ariabuckles/simple-markdown that referenced this issue Jan 30, 2016
@ariabuckles
em: fix catastrophic backtracking
4d68a37 
Fixes a catastrophic backtrack in the `em` regex.

See the corresponding issue in marked.js:

 * markedjs/marked#497
 * https://nodesecurity.io/advisories/marked_redos
 * markedjs/marked@a37bd64

Test plan:

Run the following in the node console (after an `npm install`):

```js
> smd = require('./index.js')
> smd.defaultParse('____88888888:::::8::::::::::::::::88888888888888888888<br />________888_8:::888888:::::::::::::::::::::::::88888888888___888 ___________88:::::88888888::::::m::::::::::::::88888888888____8 _________888888888888888888:M::::::::::::::::8888888888888 ________88888888888888888888:::::::::::::::::M88888888888888 ________8888888888888888888888:::::::::::::M8888888888888888 _________8888888888888888888888::::::::::M888888888888888888 ________8888888888888888::88888:::::::::M88888888888888888888 ______88888888888888888:::88888::::::::M888888888888888___8888 _____88888888888888888:::88888::::::M:::::;o*M*o;888888888____88 ____88888888888888888:::8888:::::::M::::::::::::::::::88888888____8 ___88888888888888888::::88:::::::::M:;:::::::::::::::::::888888888 __8888888888888888888:::8:::::::::M::::aAa::::::::::::M8888888888_______ 8 __88___8888888888::88::::8::::::::M::::::::::::::::::::888888888888888_8 888 _88__88888888888:::8::::::::::::::M:::::::::::;::::::::88:88888888888888 888 _8__8888888888888::::::::::::::::M::::@@@@::::::::8w8888888888888888 __88888888888:888:::::::::::::::M:::::::@A@:::::::M8i888888888888888 _8888888888::::88:::::::::::::::M888:::::::::::::::::M88z888888888888888 88 8888888888:::::8::::::::::::::::M88888::::::::::::MM88888888888888888888 8 888888888:::::8::::::::::::::::M8888888MAmAMVMM88*88888888___88888888 888888_M::::::::::::::::::::::M888888888:::::::::MM8888888888888___88888 88 8888___M:::::::::::::::::::::M88888888888:::::::MM88888888888888____8888 8 _888___M::::::::::::::::::::M8888888888888M:::::mM888888888888____888 __888__M:::::::::::::::::::M8888:8888888888888:::m::Mm8888_8888___888 ___88__M:::::::::::::::::::8888:8888888888888888:::::::::Mm8___8888___88 8 ___88__M::::::::::::::::8888M::88888::888888888888::::::::::Mm8888____88&#38;#160;<br />___8___MM:::::::::::::8888M::::8888:::::888888888888::::::::::::Mm8_____ 4 _______8M::::::::::::8888M:::::::888::::::::88:::8888888::::::::::::::Mm_____2 ______88MM:::::::::8888M::::::::::88:::::::::8:::::888888:::::::::M::::: :M _____8888M:::::::::888MM::::::::::::8::::::::::::M::::8888:::::::::::M:: ::M ____88888M:::::::::88:M:::::::::::::::8:::::::::::::M:::8888:::::::::::: M::M ___88_888MM::::::888:M:::::::::::::::::::::::::::::::M:8888::::::::::::: :M: ___8_88888M::::::88::M:::::::::::::::::::::::::::::::::MM:88:::::::::::: :::::M _____88888M::::::88::M:::::::::::::::::*88*::::::::::::M:88::::::::::::: :::::::M ____888888M::::::88::M:::::::::::::::88@@88::::::::::M::88:::::::::::::: :::::::M ____888888MM::::88::MM:::::::::::::88@@88:::::::::::M::::8:::::::::::::: :::::::*8 ____88888__M::::::8::MM:::::::::::::::*88*:::::::::::::M:::::::::::::::: ::::::::::::88@<br />____8888___MM:::::::::MM::::::::::::::::::::::::::::::MM:::::::::::::::: :::::::::::88@@<br />_____888____M:::::::::::MM:::::::::::::::::::::::::::MM::M:::::::::::::: ::::::::::::888/ _____888____MM:::::::::::MMM:::::::::::::::::::::MM::::MM::::::::::::::: ::::::::::MM ______88_____M:::::::::::::MMMM::::::::::::MMMM::::::::MM::::::::::::::: :::::MMM _______88____MM:::::::::::::::MMMMMMMMMMM:::::::::::::MMM:::::::MMMMMM ________88____MM:::::::::::::::::::MMMMM::::::::::::::::::::MMMMMMMMMMII<br />_________88___8MM::::::::::::::::::::::::::::::::::::::::::::::::::MMMMM MMM __________8___88MM:::::::::::::::::::::::::::::::::M:::M:::::::::::MMM ______________888MM:::::::::::::::::::::::::::MM::::::::MM::::::MM _____________88888MM::::::::::::::::::::::MMM:::::::::mM:::::MM<br /><br />damn. it fucks up on this forum.......oh well, you get the idea.'));> smd.defaultParse("console.log(marked('____88888888:::::8::::::::::::::::88888888888888888888<br />________888_8:::888888:::::::::::::::::::::::::88888888888___888 ___________88:::::88888888::::::m::::::::::::::88888888888____8 _________888888888888888888:M::::::::::::::::8888888888888 ________88888888888888888888:::::::::::::::::M88888888888888 ________8888888888888888888888:::::::::::::M8888888888888888 _________8888888888888888888888::::::::::M888888888888888888 ________8888888888888888::88888:::::::::M88888888888888888888 ______88888888888888888:::88888::::::::M888888888888888___8888 _____88888888888888888:::88888::::::M:::::;o*M*o;888888888____88 ____88888888888888888:::8888:::::::M::::::::::::::::::88888888____8 ___88888888888888888::::88:::::::::M:;:::::::::::::::::::888888888 __8888888888888888888:::8:::::::::M::::aAa::::::::::::M8888888888_______ 8 __88___8888888888::88::::8::::::::M::::::::::::::::::::888888888888888_8 888 _88__88888888888:::8::::::::::::::M:::::::::::;::::::::88:88888888888888 888 _8__8888888888888::::::::::::::::M::::@@@@::::::::8w8888888888888888 __88888888888:888:::::::::::::::M:::::::@A@:::::::M8i888888888888888 _8888888888::::88:::::::::::::::M888:::::::::::::::::M88z888888888888888 88 8888888888:::::8::::::::::::::::M88888::::::::::::MM88888888888888888888 8 888888888:::::8::::::::::::::::M8888888MAmAMVMM88*88888888___88888888 888888_M::::::::::::::::::::::M888888888:::::::::MM8888888888888___88888 88 8888___M:::::::::::::::::::::M88888888888:::::::MM88888888888888____8888 8 _888___M::::::::::::::::::::M8888888888888M:::::mM888888888888____888 __888__M:::::::::::::::::::M8888:8888888888888:::m::Mm8888_8888___888 ___88__M:::::::::::::::::::8888:8888888888888888:::::::::Mm8___8888___88 8 ___88__M::::::::::::::::8888M::88888::888888888888::::::::::Mm8888____88&#38;#160;<br />___8___MM:::::::::::::8888M::::8888:::::888888888888::::::::::::Mm8_____ 4 _______8M::::::::::::8888M:::::::888::::::::88:::8888888::::::::::::::Mm_____2 ______88MM:::::::::8888M::::::::::88:::::::::8:::::888888:::::::::M::::: :M _____8888M:::::::::888MM::::::::::::8::::::::::::M::::8888:::::::::::M:: ::M ____88888M:::::::::88:M:::::::::::::::8:::::::::::::M:::8888:::::::::::: M::M ___88_888MM::::::888:M:::::::::::::::::::::::::::::::M:8888::::::::::::: :M: ___8_88888M::::::88::M:::::::::::::::::::::::::::::::::MM:88:::::::::::: :::::M _____88888M::::::88::M:::::::::::::::::*88*::::::::::::M:88::::::::::::: :::::::M ____888888M::::::88::M:::::::::::::::88@@88::::::::::M::88:::::::::::::: :::::::M ____888888MM::::88::MM:::::::::::::88@@88:::::::::::M::::8:::::::::::::: :::::::*8 ____88888__M::::::8::MM:::::::::::::::*88*:::::::::::::M:::::::::::::::: ::::::::::::88@<br />____8888___MM:::::::::MM::::::::::::::::::::::::::::::MM:::::::::::::::: :::::::::::88@@<br />_____888____M:::::::::::MM:::::::::::::::::::::::::::MM::M:::::::::::::: ::::::::::::888/ _____888____MM:::::::::::MMM:::::::::::::::::::::MM::::MM::::::::::::::: ::::::::::MM ______88_____M:::::::::::::MMMM::::::::::::MMMM::::::::MM::::::::::::::: :::::MMM _______88____MM:::::::::::::::MMMMMMMMMMM:::::::::::::MMM:::::::MMMMMM ________88____MM:::::::::::::::::::MMMMM::::::::::::::::::::MMMMMMMMMMII<br />_________88___8MM::::::::::::::::::::::::::::::::::::::::::::::::::MMMMM MMM __________8___88MM:::::::::::::::::::::::::::::::::M:::M:::::::::::MMM ______________888MM:::::::::::::::::::::::::::MM::::::::MM::::::MM _____________88888MM::::::::::::::::::::::MMM:::::::::mM:::::MM<br /><br />damn. it fucks up on this forum.......oh well, you get the idea.'));> smd.defaultParse("console.log(marked('____88888888:::::8::::::::::::::::88888888888888888888<br />________888_8:::888888:::::::::::::::::::::::::88888888888___888 ___________88:::::88888888::::::m::::::::::::::88888888888____8 _________888888888888888888:M::::::::::::::::8888888888888 ________88888888888888888888:::::::::::::::::M88888888888888 ________8888888888888888888888:::::::::::::M8888888888888888 _________8888888888888888888888::::::::::M888888888888888888 ________8888888888888888::88888:::::::::M88888888888888888888 ______88888888888888888:::88888::::::::M888888888888888___8888 _____88888888888888888:::88888::::::M:::::;o*M*o;888888888____88 ____88888888888888888:::8888:::::::M::::::::::::::::::88888888____8 ___88888888888888888::::88:::::::::M:;:::::::::::::::::::888888888 __8888888888888888888:::8:::::::::M::::aAa::::::::::::M8888888888_______ 8 __88___8888888888::88::::8::::::::M::::::::::::::::::::888888888888888_8 888 _88__88888888888:::8::::::::::::::M:::::::::::;::::::::88:88888888888888 888 _8__8888888888888::::::::::::::::M::::@@@@::::::::8w8888888888888888 __88888888888:888:::::::::::::::M:::::::@A@:::::::M8i888888888888888 _8888888888::::88:::::::::::::::M888:::::::::::::::::M88z888888888888888 88 8888888888:::::8::::::::::::::::M88888::::::::::::MM88888888888888888888 8 888888888:::::8::::::::::::::::M8888888MAmAMVMM88*88888888___88888888 888888_M::::::::::::::::::::::M888888888:::::::::MM8888888888888___88888 88 8888___M:::::::::::::::::::::M88888888888:::::::MM88888888888888____8888 8 _888___M::::::::::::::::::::M8888888888888M:::::mM888888888888____888 __888__M:::::::::::::::::::M8888:8888888888888:::m::Mm8888_8888___888 ___88__M:::::::::::::::::::8888:8888888888888888:::::::::Mm8___8888___88 8 ___88__M::::::::::::::::8888M::88888::888888888888::::::::::Mm8888____88&#38;#160;<br />___8___MM:::::::::::::8888M::::8888:::::888888888888::::::::::::Mm8_____ 4 _______8M::::::::::::8888M:::::::888::::::::88:::8888888::::::::::::::Mm_____2 ______88MM:::::::::8888M::::::::::88:::::::::8:::::888888:::::::::M::::: :M _____8888M:::::::::888MM::::::::::::8::::::::::::M::::8888:::::::::::M:: ::M ____88888M:::::::::88:M:::::::::::::::8:::::::::::::M:::8888:::::::::::: M::M ___88_888MM::::::888:M:::::::::::::::::::::::::::::::M:8888::::::::::::: :M: ___8_88888M::::::88::M:::::::::::::::::::::::::::::::::MM:88:::::::::::: :::::M _____88888M::::::88::M:::::::::::::::::*88*::::::::::::M:88::::::::::::: :::::::M ____888888M::::::88::M:::::::::::::::88@@88::::::::::M::88:::::::::::::: :::::::M ____888888MM::::88::MM:::::::::::::88@@88:::::::::::M::::8:::::::::::::: :::::::*8 ____88888__M::::::8::MM:::::::::::::::*88*:::::::::::::M:::::::::::::::: ::::::::::::88@<br />____8888___MM:::::::::MM::::::::::::::::::::::::::::::MM:::::::::::::::: :::::::::::88@@<br />_____888____M:::::::::::MM:::::::::::::::::::::::::::MM::M:::::::::::::: ::::::::::::888/ _____888____MM:::::::::::MMM:::::::::::::::::::::MM::::MM::::::::::::::: ::::::::::MM ______88_____M:::::::::::::MMMM::::::::::::MMMM::::::::MM::::::::::::::: :::::MMM _______88____MM:::::::::::::::MMMMMMMMMMM:::::::::::::MMM:::::::MMMMMM ________88____MM:::::::::::::::::::MMMMM::::::::::::::::::::MMMMMMMMMMII<br />_________88___8MM::::::::::::::::::::::::::::::::::::::::::::::::::MMMMM MMM __________8___88MM:::::::::::::::::::::::::::::::::M:::M:::::::::::MMM ______________888MM:::::::::::::::::::::::::::MM::::::::MM::::::MM _____________88888MM::::::::::::::::::::::MMM:::::::::mM:::::MM<br /><br />damn. it fucks up on this forum.......oh well, you get the idea.');
```

Get a result within a second.

Auditors: alpert
@ariabuckles ariabuckles mentioned this issue Feb 1, 2016
Closed
ghost pushed a commit to zergeborg/marked that referenced this issue May 13, 2016
@chjj
prevent catastrophic backtracking on em rule. fixes markedjs#497.
6d2b44d
@machinshin machinshin mentioned this issue Sep 13, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@knownasilya @puzrin @chjj @iamstarkov @barisusakli @ilanbiala