make gix-ignore/fuzz less vulnerable to pathological gix-glob input#2579
Merged
Conversation
Sebastian Thiel (Byron)
force-pushed
the
gix-ignore-fuzz-timeout
branch
2 times, most recently
from
8f64e45 to
f910748
Compare
Sebastian Thiel (Byron)
force-pushed
the
gix-ignore-fuzz-timeout
branch
from
f910748 to
fcf0bef
Compare
There was a problem hiding this comment.
Pull request overview
This PR hardens gix-glob’s wildmatch implementation against pathological glob inputs that can trigger excessive retry/backtracking behavior (as surfaced by fuzzing), aiming to reduce DoS potential when matching repository-relative paths.
Changes:
- Adjust
wildmatch’s*handling to propagate abort signals (AbortToStarStar/AbortAll) instead of treating certain failure modes as ordinary non-matches. - Add a regression test exercising a previously problematic pattern/path combination to ensure the matcher returns promptly.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
gix-glob/src/wildmatch.rs |
Changes *-matching failure returns to propagate abort results and avoid pathological retry behavior. |
gix-glob/tests/pattern/matching.rs |
Adds a regression test case for a pathological input discovered via fuzzing. |
Propagate `AbortToStarStar`/`AbortAll` from `*` handling in the same cases as Git's wildmatch implementation instead of collapsing them to `NoMatch`. This avoids retrying later text positions when a `*` followed by a literal already proved that no viable match exists within the current path component. Add a regression test for a fuzz-discovered pattern/path pair that Git rejects immediately but previously caused pathological runtime in `gix-glob`. Co-authored-by: Sebastian Thiel <sebastian.thiel@icloud.com>
Sebastian Thiel (Byron)
force-pushed
the
gix-ignore-fuzz-timeout
branch
from
fcf0bef to
fe36476
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The fuzzer keeps finding ways to exploit
gix-glob.And maybe this time there should be a way to fix this once and for all.
Thinking about this, Forges have to be very careful about this and essentially
can't run certain parts of Git in or risk being DDoS'ed.
Tasks