Skip to content

Conversation

@satazor
Copy link
Contributor

@satazor satazor commented Nov 6, 2024

With a very large and well crafted string, the escaping made by cross-spawn hangs forever.

const { argument } = require('cross-spawn/lib/util/escape');
var str = "";
for (var i = 0; i < 1000000; i++) {
  str += "\\";
}
str += "◎";

console.log("start")
argument(str)
console.log("end")

This PR disables regexp back tracking so that it doesn't suffer from this. https://javascript.info/regexp-catastrophic-backtracking for more details.

@satazor satazor force-pushed the bugfix/regexp-backtrack branch from 99d1c1c to 6337cca Compare November 6, 2024 09:06
@satazor satazor merged commit 5ff3a07 into master Nov 6, 2024
1 check passed
satazor added a commit that referenced this pull request Nov 7, 2024
@satazor satazor deleted the bugfix/regexp-backtrack branch November 7, 2024 13:04
satazor added a commit that referenced this pull request Nov 18, 2024
gurus00 pushed a commit to gurus00/node-cross-spawn that referenced this pull request Feb 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants