From 9348778cde967a32b1dfc08631edf1611f6c2336 Mon Sep 17 00:00:00 2001
From: Jamie Davis <davisjam@vt.edu>
Date: Sat, 3 Mar 2018 15:54:24 -0500
Subject: [PATCH] remove catastrophic backtracking vulnerability

Problem:
A regex to parse function names was vulnerable to catastrophic
backtracking.

Solution:
Alter the regex to make it safe.
The new regex matches the same language.

This regex is not exploitable for REDOS as currently used.
This change is for future-proofing.
---
 packages/node_modules/pouchdb-utils/src/functionName.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/packages/node_modules/pouchdb-utils/src/functionName.js b/packages/node_modules/pouchdb-utils/src/functionName.js
index 2b9d9cc4e6..f03213e245 100644
--- a/packages/node_modules/pouchdb-utils/src/functionName.js
+++ b/packages/node_modules/pouchdb-utils/src/functionName.js
@@ -15,7 +15,13 @@ if (hasName) {
   };
 } else {
   res = function (fun) {
-    return fun.toString().match(/^\s*function\s*(\S*)\s*\(/)[1];
+    var match = fun.toString().match(/^\s*function\s*(?:(\S+)\s*)?\(/);
+    if (match && match[1]) {
+      return match[1];
+    }
+    else {
+      return '';
+    }
   };
 }