New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parser: Make attribute parsing possessive #12342
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dmsnell
added
[Type] Bug
An existing feature does not function as intended
[Feature] Parsing
Related to efforts to improving the parsing of a string of data and converting it into a different f
labels
Nov 27, 2018
dmsnell
force-pushed
the
parser/fix-catastrophic-backtracking
branch
from
November 27, 2018 05:52
65b0e30
to
073f839
Compare
Added to the 4.6 milestone, would like to prioritise fixing this given potential effects. |
dmsnell
force-pushed
the
parser/fix-catastrophic-backtracking
branch
2 times, most recently
from
November 27, 2018 21:07
c7f954a
to
910ba2d
Compare
dmsnell
force-pushed
the
parser/fix-catastrophic-backtracking
branch
from
November 29, 2018 17:45
910ba2d
to
41e37c7
Compare
Bug introduced in #11369 Someone discovered high CPU usage due to catastrophic backtracking on an invalid block comment delimiter. The following input crashed the parser on the server: ```html <!-- wp:block {"a":0} / --> ``` The optimization introduced in #11369 ended up opening a place for backtracking that shouldn't be there. In this patch we're grouping the attribute parsing section of the tokenizing RegExp pattern so that we can make the group itself _possessive_ so that we abort any backtracking.
dmsnell
force-pushed
the
parser/fix-catastrophic-backtracking
branch
from
November 30, 2018 18:10
41e37c7
to
49c296c
Compare
youknowriad
approved these changes
Nov 30, 2018
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
youknowriad
pushed a commit
that referenced
this pull request
Nov 30, 2018
* Parser: Make attribute parsing possessive Bug introduced in #11369 Someone discovered high CPU usage due to catastrophic backtracking on an invalid block comment delimiter. The following input crashed the parser on the server: ```html <!-- wp:block {"a":0} / --> ``` The optimization introduced in #11369 ended up opening a place for backtracking that shouldn't be there. In this patch we're grouping the attribute parsing section of the tokenizing RegExp pattern so that we can make the group itself _possessive_ so that we abort any backtracking. * add test and fix broken fix * really fix default JS parser * add explanatory comment * add @SInCE comment with updated target version * version bumps
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
[Feature] Parsing
Related to efforts to improving the parsing of a string of data and converting it into a different f
[Type] Bug
An existing feature does not function as intended
[Type] Regression
Related to a regression in the latest release
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bug introduced in #11369
Someone discovered high CPU usage due to catastrophic backtracking on
an invalid block comment delimiter. The following input crashed the
parser on the server:
<!-- wp:block {"a":0} / -->
In another case a truncated excerpt crashed the server as well.
The optimization introduced in #11369 ended up opening a place for
backtracking that shouldn't be there. In this patch we're grouping
the attribute parsing section of the tokenizing RegExp pattern so
that we can make the group itself possessive so that we abort
any backtracking.
Status