Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Quadratic behaviour on pathological html #73

Closed
marcusklaas opened this issue Apr 29, 2019 · 3 comments
Closed

Quadratic behaviour on pathological html #73

marcusklaas opened this issue Apr 29, 2019 · 3 comments
Labels

Comments

@marcusklaas
Copy link

@marcusklaas marcusklaas commented Apr 29, 2019

Found this vulnerability in pulldown-cmark. It appears md4c is also vulnerable.

python -c 'print("a <![CDATA[" * 10000)' | time md2html/md2html > /dev/null
0.38user 0.00system 0:00.39elapsed 95%CPU (0avgtext+0avgdata 2688maxresident)k

python -c 'print("a <![CDATA[" * 20000)' | time md2html/md2html > /dev/null
1.49user 0.00system 0:01.51elapsed 98%CPU (0avgtext+0avgdata 4204maxresident)k

python -c 'print("a <![CDATA[" * 40000)' | time md2html/md2html > /dev/null
5.96user 0.00system 0:05.99elapsed 99%CPU (0avgtext+0avgdata 7016maxresident)k
@mity
Copy link
Owner

@mity mity commented Apr 29, 2019

Ack.

Seems to be also the case for repetitions of a <?

$ time python -c 'print("a <? " * 10000)' | ./md2html/md2html >/dev/null
real    0m0.615s
user    0m0.015s
sys     0m0.031s

$ time python -c 'print("a <? " * 20000)' | ./md2html/md2html >/dev/null
real    0m2.227s
user    0m0.000s
sys     0m0.046s

Loading

@mity
Copy link
Owner

@mity mity commented Apr 29, 2019

And repetitions of a <!A:

$ time python -c 'print("a <!A" * 10000)' | ./md2html/md2html >/dev/null
real    0m0.529s
user    0m0.000s
sys     0m0.062s

$ time python -c 'print("a <!A" * 20000)' | ./md2html/md2html >/dev/null
real    0m1.890s
user    0m0.015s
sys     0m0.015s

$ time python -c 'print("a <!A" * 30000)' | ./md2html/md2html >/dev/null
real    0m4.169s
user    0m0.000s
sys     0m0.030s

Loading

@mity mity closed this in d4d1091 Apr 29, 2019
@marcusklaas
Copy link
Author

@marcusklaas marcusklaas commented Apr 29, 2019

Amazed by the lightning speed turnaround on this! 👀

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants