fix[notask]: validate suppress_regex to prevent ReDoS in whispercpp#1083
Merged
Conversation
The suppress_regex whisper config parameter was passed through to the C++
std::regex engine without any complexity validation. Maliciously crafted
patterns with nested quantifiers could cause catastrophic backtracking,
blocking the inference thread indefinitely.
Add length cap (512 chars) and reject patterns with nested quantifiers
(e.g. .+*, .*+, .{1,}*) before they reach the native layer.
Made-with: Cursor
GustavoA1604
previously approved these changes
Mar 23, 2026
Contributor
Tier-based Approval Status |
ogad-tether
requested changes
Mar 23, 2026
ogad-tether
left a comment
ogad-tether
left a comment
Contributor
There was a problem hiding this comment.
I do not think the current validator catches the cases the PR description is claiming to block. The regex you added mostly detects adjacent quantifiers, but classic catastrophic-backtracking patterns like (a+)+ or ([ab]) can still get through. Since this PR is framed as ReDoS prevention, I would want a stronger validator or a much narrower allowlist before approving it.
… for suppress_regex The previous NESTED_QUANTIFIER_PATTERN only caught adjacent quantifiers but missed classic ReDoS patterns like (a+)+ where a quantifier is applied to a group. Replace with a strict allowlist that rejects any pattern containing parentheses, which blocks all grouping constructs while still allowing practical suppress_regex use cases (character classes, literals, simple quantifiers, alternation, anchors). Made-with: Cursor
GustavoA1604
approved these changes
Mar 24, 2026
ogad-tether
approved these changes
Mar 24, 2026
Contributor
Author
|
/review |
Contributor
Author
|
/review |
Contributor
Author
|
/review |
Proletter
pushed a commit
that referenced
this pull request
May 24, 2026
…1083) * fix[notask]: validate suppress_regex to prevent ReDoS in whispercpp The suppress_regex whisper config parameter was passed through to the C++ std::regex engine without any complexity validation. Maliciously crafted patterns with nested quantifiers could cause catastrophic backtracking, blocking the inference thread indefinitely. Add length cap (512 chars) and reject patterns with nested quantifiers (e.g. .+*, .*+, .{1,}*) before they reach the native layer. Made-with: Cursor * fix[notask]: replace nested quantifier blacklist with parentheses ban for suppress_regex The previous NESTED_QUANTIFIER_PATTERN only caught adjacent quantifiers but missed classic ReDoS patterns like (a+)+ where a quantifier is applied to a group. Replace with a strict allowlist that rejects any pattern containing parentheses, which blocks all grouping constructs while still allowing practical suppress_regex use cases (character classes, literals, simple quantifiers, alternation, anchors). Made-with: Cursor --------- Co-authored-by: Raju <raju.sharma>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
suppress_regexwhisper config parameter to prevent ReDoS attacks against the C++std::regexengineProblem
The
suppress_regexconfig parameter was passed directly to the whisper.cpp C++ layer where it is compiled withstd::regex. Thestd::regexengine is known to be vulnerable to catastrophic backtracking with patterns containing nested quantifiers (e.g.,(a+)+,.*.*,.{1,}*). A malicious regex could block the inference thread indefinitely.Solution
Added
_validateSuppressRegex()inconfigChecker.jsthat runs before the config reaches the native layer:How was it tested?
whispercpp-filesystem.tsexample produces identical outputMade with Cursor