marked 0.3.14 hangs on the attached file, worked in 0.3.9 #1058
Comments
I'm investigating this. Commit a8f2d7f introduced this behavior. It is caused by this piece of markdown:

```
~~~
move.rs:9:9: 9:22 error: cannot move out of borrowed content
move.rs:9 &MyEnum::Y(y) => println!("{}", *y) // <-- Error, y cannot be moved out of a reference
^~~~~~~~~~~~~
move.rs:9:20: 9:21 note: attempting to move value to here
move.rs:9 &MyEnum::Y(y) => println!("{}", *y) // <-- Error, y cannot be moved out of a reference
^
move.rs:9:20: 9:21 help: to prevent the move, use `ref y` or `ref mut y` to capture value by reference
move.rs:9 &MyEnum::Y(y) => println!("{}", *y) // <-- Error, y cannot be moved out of a reference
^
~~~
```
|
This causes a hang:

```
> marked.InlineLexer.rules.tag
/^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^<'">\/]*)*?\/?>/
> marked.InlineLexer.rules.tag.exec(`<-- Error, y cannot be moved out of a reference
... ^`)
```

I don't really understand the reason underlying this. |
Wow, quick turn around. My guess is that the regex backtracks and that it hangs because of this (Kind of like here: http://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016). Can't fully pinpoint the issue though. More info here: https://www.regular-expressions.info/catastrophic.html |
Thanks @paulkoerbitz, I too thought immediately to catastrophic backtracking but that group |
@Feder1co5oave thank you for the quick replies. I can't really pinpoint it either (but it seems you know a lot more about this than me anyway ;) ) - I've worked around the issue by pinning my dependency to 0.3.9, so from my side the need for a fix is not super urgent. |
@paulkoerbitz and thank you for reporting and helping. Unfortunately regexes are tricky, and there is no way to determine they run smoothly on every possible input. What I'm trying to work on is to widen our test base. I think I found it is in fact exponential backtracking. I wrote a script to test this:

```js
const regex = /^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^<'">\/]*)*?\/?>/;
let src = '<-- Error, y cannot be moved out of a reference';
for (let i = 0; i < 18; i++) {
  const begin = process.hrtime();
  regex.exec(src);
  // process.hrtime(begin) returns the elapsed [seconds, nanoseconds]
  const end = process.hrtime(begin);
  console.log(`Matching '${src}' Took ${end[0] * 1000 + end[1] / 10**6} milliseconds`);
  // Append one more trailing space for the next round
  src += ' ';
}
```

this prints out:
with any additional space added, it takes roughly double the time and gets terribly slow pretty soon. So that group needs to be rewritten. |
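The doubling measured above can be turned into a regression check. This is an added example, not code from the thread or from marked: `HARDENED` is an assumed rewrite of the quoted `tag` rule (not the change made in #1083), and the sample inputs are constructed.

```javascript
// Added example, not marked's code. VULNERABLE is the tag rule quoted in the thread.
const VULNERABLE = /^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^<'">\/]*)*?\/?>/;
// Assumed rewrite (not the change made in #1083): the class after \s no longer
// accepts whitespace, so every whitespace character must start a new iteration
// of the group and a run of words can be split in exactly one way.
const HARDENED = /^<!--[\s\S]*?-->|^<\/?[a-zA-Z0-9\-]+(?:"[^"]*"|'[^']*'|\s[^\s<'">\/]*)*?\/?>/;

const REPORTED = '<-- Error, y cannot be moved out of a reference'; // input from the thread

// Constructed samples: both patterns must return the same match (or both null).
const SAMPLES = [
  '<a href="x">text',
  '<br/>',
  '</div >',
  '<!-- c --> tail',
  "<img alt='a>b' src=x >",
  'plain text',
  REPORTED,
];

function firstMatch(regex, src) {
  const m = regex.exec(src);
  return m === null ? null : m[0];
}

function sameResult(src) {
  return firstMatch(VULNERABLE, src) === firstMatch(HARDENED, src);
}

function timeMs(regex, src) {
  const begin = process.hrtime.bigint();
  regex.exec(src);
  return Number(process.hrtime.bigint() - begin) / 1e6;
}

// Time the non-matching input with `pad` trailing spaces appended.
function growth(regex, pads) {
  regex.exec('<a>'); // warm-up so regex compilation is not measured
  return pads.map((pad) => timeMs(regex, REPORTED + ' '.repeat(pad)));
}

const PADS = [2, 6, 10]; // kept small: the vulnerable rule doubles per added space
console.log('samples agree:', SAMPLES.every(sameResult));
console.log('vulnerable ms:', growth(VULNERABLE, PADS));
console.log('hardened   ms:', growth(HARDENED, PADS));
console.log('hardened, 20000 spaces, ms:', timeMs(HARDENED, REPORTED + ' '.repeat(20000)));
```

A check like this belongs next to the rule in the test suite: agreement on the samples guards against changing what the rule accepts, and the large-padding timing guards against the backtracking coming back.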
This is a good starting place: https://github.com/NicolaasWeideman/RegexStaticAnalysis |
@davisjam Thanks! I've been looking for something like this for a while! |
Two very different errors were revealed by this issue: This code fence should not end at line 3 because
Then, |
Created #1074 to give us a place to discuss tool recommendations and whatnot. Think this might also be a good opportunity to revisit the concept of projects to help with prioritization and tracking; otherwise we could end up with a lot of half-finished work. @Feder1co5oave, @UziTech, and @styfle: Can you see the projects and move cards now? https://github.com/markedjs/marked/projects/2? |
I can edit projects but I'm not used to them (I've been using Trello for some time though 😆) so I don't have a defined workflow. |
See my analysis of the html.closing regex here. |
I believe this is fixed in #1083. |
I tried the sample from the initial report. It hangs on master but not with the fix in #1083. If the root cause analysis was correct (I haven't checked) then the test case I added in #1083 should suffice to cover this case. But @Feder1co5oave perhaps you still want to add this input file as a standalone test case? |
Problem: Four regexes were vulnerable to catastrophic backtracking. This leaves markdown servers open to a potential REDOS attack. Solution: Refactor the regexes. For two similar regexes (html) I didn't change the language. For two similar regexes (noline) I slightly changed the language: ![[[[[[[[[[[]] was accepted by the old noline pattern. It is now rejected. All tests pass, though I'm not sure if I've broken something that was untested. This addresses markedjs#1070 (with markedjs#1058 along the way).
Problem: Four regexes were vulnerable to catastrophic backtracking. This leaves markdown servers open to a potential REDOS attack. Solution: Refactor the regexes. For two similar regexes (html) I didn't change the language. For two similar regexes (noline) I slightly changed the language: ![[[[[[[[[[[]] was accepted by the old noline pattern. It is now rejected. All tests pass, though I'm not sure if I've broken something that was untested. This addresses markedjs#1070 (with markedjs#1058 along the way). Bonus: rename a stray test to use _ instead of -.
Fixed in #1083 |
This fence issue is still not fixed: demo |
…still allowing empty code blocks
Expectation
example.txt
should be converted to html. This worked with marked 0.3.9.
Result
With marked 0.3.14 marked "hangs" when given the file.
What was attempted
npm install [email protected]
node_modules/marked/bin/marked