Client parser infinite loops on certain markdown

markdown

(Michael Brown) #1

Continuing the discussion from Avoid “naughty” words in avatar list:

As I was screwing around:
D O _ Y O U _ W A N N A _ B U I L D _ A _ S N O W M A N ☃

I realized that the following makes the client hang for a period of time on Linux but COMPLETELY hang Firefox:

![A](https://d11a6trkgmumsb.cloudfront.net/letter_avatar/ /32/2.png)

It’s the space that does it.


(Sam Saffron) #2

This topic is now unlisted. It will no longer be displayed in any topic lists. The only way to access this topic is via direct link.


(Robin Ward) #3

I spent about an hour on this today but it’s tricky, as it’s a bug in a URL regexp I didn’t write :stuck_out_tongue:
I’m trying to find another one, should be tomorrow because I have to run out.


(Robin Ward) #4

This took way longer than I expected to fix, but here we go:

https://github.com/discourse/discourse/commit/0a5c7b15e2835d01f6923d2d7b664774b0f639fb


(Robin Ward) #5

This topic is now listed. It will be displayed in topic lists.


(Jens Maier) #6

Huh. I’m wondering what exactly was going on here. I can see a possible problem with a badly optimized regex engine and deeply nested backtracking, but I can’t reproduce the actual bug:

From the Firefox console:

< var urlRegexp = /old regex as before 0a5c7b/i;
< var sample="![A](https://d11a6trkgmumsb.cloudfront.net/letter_avatar/ /32/2.png)";
< urlRegexp.exec(sample);
> Array [ "https://d11a6trkgmumsb.cloudfront.net/letter_avatar/" ]

(Robin Ward) #7

Did you test with the space in the input? It never fully crashed for me, but definitely took seconds to parse.


(Jens Maier) #8

Execution time is “instantaneous” by eyeball measurement, and I’m not about to try and profile Firefox… :wink:


(Michael Brown) #9

Chrome was OK, it hiccuped for a few seconds before finishing, but Firefox TOTALLY hung.

As in, 100% unresponsive spinning on a CPU hung.


(Jens Maier) #10

After digging deeper… I still can’t tell where exactly the regex starts its catastrophic backtracking. But while I was in there I refactored the code a bit and consolidated the negative lookahead assertions:

https://github.com/discourse/discourse/pull/2827

This thing bugs me. I thought I had regexes figured out, what with having learned Perl as my first dynamic language years ago and, surprisingly, loving every minute of it (yes, even the shoddy, weird, wonderful OO)… :angry:
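
Added example, not part of the thread and not the Discourse regexp (the thread does not show it): a simplified model of a backtracking matcher for two constructed patterns, `^(?:[^ ]+)+$` and the equivalent `^[^ ]+$`. It counts attempted positions on an input shaped like the URL in the first post, showing how a single space after a long run makes the nested form's work double with every extra character. The function names and sample inputs are assumptions made for illustration.

```javascript
// Simplified model of a backtracking regex engine for two constructed patterns:
//   nested = true  -> ^(?:[^ ]+)+$   (ambiguous: a run can be split many ways)
//   nested = false -> ^[^ ]+$        (same language, only one way to match)
// Returns whether the input matched and how many end positions were tried.
function countSteps(input, nested) {
  let steps = 0;

  // Match one [^ ]+ starting at pos, then either end-of-input or,
  // for the nested pattern, another repetition of the group.
  function group(pos) {
    let end = pos;
    while (end < input.length && input[end] !== " ") end++;
    // Greedy: try the longest run first, then give back one char at a time.
    for (let stop = end; stop > pos; stop--) {
      steps++;
      if (stop === input.length) return true;   // "$" succeeds
      if (nested && group(stop)) return true;   // outer "+" repeats the group
    }
    return false;                               // caller must backtrack
  }

  return { matched: group(0), steps };
}

// Constructed input shaped like the URL in the first post: a run of
// non-space characters, one space, then the rest of the path.
function sample(runLength) {
  return "x".repeat(runLength) + " /32/2.png";
}

// Step counts for growing run lengths: nested is 2^n - 1, flat is n.
function report() {
  return [5, 10, 15, 20].map((n) => ({
    run: n,
    nested: countSteps(sample(n), true).steps,
    flat: countSteps(sample(n), false).steps,
  }));
}

console.table(report());
```

The blow-up only appears when the overall match fails: the same run without the space matches on the first attempt in both forms.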


(Jeff Atwood) #11