I'm quite busy right now, but I'll do some profiling on it ASAP and report here.
I can already imagine this is probably caused by backtracking for the * processing (even if you have limited occurrences to 5). Code profiling will tell us more.
Your attached patch shows empty here... without patch, runtest.pl 1307 takes less than a second here. If not yet to be disclosed, you can send this patch to my personal e-mail :-)
Strange: can get it with curl, but FF does not show it :-(
Now that I can see it, I have a straightforward explanation: this is a pathological case!
There are 3 recursion levels, always failing at the end of the string. In addition, the current algorithm tries to match (recursively) the ?s with each string character; * regrouping is not performed because they are separated by the ?s.
I think I can develop a patch for this particular case, but we can think of other pathological cases, like "*[A-Z]*[A-Z]*[[:blank:]]", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
IMHO, the only way to avoid them is to compile the pattern into a Deterministic Finite Automaton first, then apply this DFA to the string. The drawbacks are: bigger code, possibly more time consumed in non-pathological cases and possibly high memory needs depending on the pattern. By using such a DFA, backtracking is never needed. But maybe this is a bit "overthought" for such an insignificant function ...?
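As an added illustration of the pathological backtracking and the automaton-based alternative discussed in the comment above (example code written for this page, not curl's matcher and not the patch under discussion), here is a small glob matcher in two forms: a naive recursive one that backtracks on every `*`, and a Thompson-style NFA simulation that carries the set of reachable pattern states through the string and therefore never backtracks. The names `naive_match`, `glob_match`, `naive_calls_for` and the token structure are assumptions of this example; the pattern language is `*`, `?`, literals and bracket expressions with ranges, negation and `[:blank:]` (the only POSIX class implemented here). The state-set simulation is the NFA counterpart of the DFA the comment proposes: it gives the same no-backtracking guarantee without precomputing states, so memory stays bounded by the pattern length instead of the DFA's potential state blow-up.

```c
#include <stdbool.h>
#include <string.h>

#define MAXTOK 64
enum kind { T_LIT, T_ANY, T_STAR, T_CLASS };
struct tok { enum kind k; unsigned char c; bool set[256]; };

/* Backtracking matcher for '*' and '?' only (hypothetical, not curl's code).
   Each '*' retries the rest of the pattern at every suffix, so k stars
   separated by '?' cost on the order of n^k calls on a string that fails
   only at its very end: the pathological shape the comment describes. */
static unsigned long naive_calls;

static bool naive_match(const char *p, const char *s)
{
  naive_calls++;
  if(*p == '\0') return *s == '\0';
  if(*p == '*') {
    for(;; s++) {                               /* retry at every suffix */
      if(naive_match(p + 1, s)) return true;
      if(*s == '\0') return false;
    }
  }
  if(*s != '\0' && (*p == '?' || *p == *s)) return naive_match(p + 1, s + 1);
  return false;
}

/* Run the naive matcher and report how many recursive calls it needed. */
unsigned long naive_calls_for(const char *pattern, const char *s)
{
  naive_calls = 0;
  (void)naive_match(pattern, s);
  return naive_calls;
}

/* Parse a bracket expression (p is just past '['): '!'/'^' negation, ranges
   such as A-Z and, as the one POSIX class supported here, [:blank:].
   Returns the pointer past the closing ']' or NULL if unterminated. */
static const char *parse_class(const char *p, struct tok *t)
{
  bool neg = false, first = true;   /* a ']' right after '[' is a literal */
  int ch;
  t->k = T_CLASS;
  memset(t->set, 0, sizeof(t->set));
  if(*p == '!' || *p == '^') { neg = true; p++; }
  for(; *p && (*p != ']' || first); first = false) {
    int lo = (unsigned char)*p, hi = lo;
    if(!strncmp(p, "[:blank:]", 9)) { t->set[' '] = t->set['\t'] = true; p += 9; continue; }
    if(p[1] == '-' && p[2] != '\0' && p[2] != ']') { hi = (unsigned char)p[2]; p += 2; }
    for(; lo <= hi; lo++) t->set[lo] = true;
    p++;
  }
  if(*p != ']') return NULL;
  if(neg) for(ch = 0; ch < 256; ch++) t->set[ch] = !t->set[ch];
  return p + 1;
}

/* Compile the pattern into tokens (runs of '*' collapse into one). Returns
   the token count, or -1 for a malformed class or an over-long pattern. */
static int compile_pattern(const char *p, struct tok *toks, int max)
{
  int n = 0;
  for(; *p; n++) {
    if(n == max) return -1;
    if(*p == '*') { while(*p == '*') p++; toks[n].k = T_STAR; }
    else if(*p == '?') { toks[n].k = T_ANY; p++; }
    else if(*p == '[') { p = parse_class(p + 1, &toks[n]); if(!p) return -1; }
    else { toks[n].k = T_LIT; toks[n].c = (unsigned char)*p++; }
  }
  return n;
}

/* State i means "about to match token i"; state ntok means "pattern fully
   consumed". A '*' may match nothing, so its successor is reachable for free. */
static void closure(bool *st, const struct tok *toks, int ntok)
{
  int i;
  for(i = 0; i < ntok; i++)
    if(st[i] && toks[i].k == T_STAR) st[i + 1] = true;
}

/* Thompson-style NFA simulation: advance the whole set of reachable states
   one input character at a time. No backtracking, O(strlen(s) * ntok) time,
   and never more than ntok + 1 states to track. */
static bool nfa_match(const struct tok *toks, int ntok, const char *s)
{
  bool cur[MAXTOK + 1], next[MAXTOK + 1];
  memset(cur, 0, sizeof(cur));
  cur[0] = true;
  closure(cur, toks, ntok);
  for(; *s; s++) {
    unsigned char c = (unsigned char)*s;
    int i;
    memset(next, 0, sizeof(next));
    for(i = 0; i < ntok; i++) {
      if(!cur[i]) continue;
      switch(toks[i].k) {
      case T_STAR:  next[i] = true; break;            /* '*' eats c, stays */
      case T_ANY:   next[i + 1] = true; break;
      case T_LIT:   if(toks[i].c == c) next[i + 1] = true; break;
      case T_CLASS: if(toks[i].set[c]) next[i + 1] = true; break;
      }
    }
    closure(next, toks, ntok);
    memcpy(cur, next, sizeof(cur));
  }
  return cur[ntok];
}

/* Entry point: compile, then simulate. A malformed pattern never matches. */
bool glob_match(const char *pattern, const char *s)
{
  struct tok toks[MAXTOK];
  int n = compile_pattern(pattern, toks, MAXTOK);
  return n >= 0 && nfa_match(toks, n, s);
}
```

Compiles with a C99 compiler (`cc -std=c99`). On the constructed input `"*?*?*?Z"` against thirty `'a'` characters, a string that only fails at its very end, `naive_calls_for` reports thousands of recursive calls for three stars, while `glob_match` reads each character exactly once and, like the naive version, reports no match; the comment's own example `"*[A-Z]*[A-Z]*[[:blank:]]"` is handled by the same state-set loop, so adding bracket expressions does not reintroduce backtracking.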
I did this
Run test case 1307 with the attached patch applied. This is OSS-fuzz issue 5908 (still not open to the public).
I expected the following
The test should execute swiftly and return error/success.
The execution of unit1307 takes many seconds. On my 3.5GHz machine, it takes more than 7 seconds. On slower hardware it can take much more time.
Both 7.58.0 and git master work like this