Skip to content

/prometheus

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crashes in `promql.ParseMetricSelector()` #939

Closed
msiebuhr opened this Issue Jul 28, 2015 · 4 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@msiebuhr @juliusv
@msiebuhr
Copy link
Contributor

msiebuhr commented Jul 28, 2015

After fuzzing ParseMetricSelector() for a few hundred iterations (see #667 (comment)), it is found to crash on inputs , G.٩ and .٩٩٩٩٩٩٩٩٩٩٩٩٩٩٩٩٩.

The first two lead to errors in the lexer and the latter hangs the parser (i.e. it takes more than 10s to complete; the limit looks to be imposed by go-fuzz).

See
@juliusv

This comment has been minimized.

Sign in to view
Copy link
Member

juliusv commented Jul 28, 2015

Whoa, pasting into the Prometheus expression text area in the browser and then hitting the left-arrow button moves the cursor all the way to the left of the input field and then freezes my Chrome tab. Seems like Prometheus isn't the only piece of software disliking that character combination...

juliusv added a commit that referenced this issue Jul 29, 2015

@juliusv
Fix lexer bug treating non-Latin Unicode digits as digits. 
Fixes #939
Loading status checks…
4e4b468

@juliusv juliusv referenced this issue Jul 29, 2015

Merged

Fix lexer bug treating non-Latin Unicode digits as digits. #942

@juliusv

This comment has been minimized.

Sign in to view
Copy link
Member

juliusv commented Jul 29, 2015

Hah. So this symbol is an Arabic 9, which is categorized as a digit by unicode.IsDigit().

http://play.golang.org/p/TsuLx8f2pO

Same for the other "digits" in the Arabic Unicode block: https://en.wikipedia.org/wiki/Arabic_(Unicode_block)

This throws off our parser because we use unicode.IsDigit() in multiple places in the lexer in the expectation that it would only match [0-9].

Filed #942 to fix this.

I definitely learned something new today.

@juliusv juliusv closed this in #942 Jul 29, 2015

@juliusv

This comment has been minimized.

Sign in to view
Copy link
Member

juliusv commented Jul 29, 2015

@msiebuhr Btw., were you inspired by this Fuzz-athon? https://groups.google.com/forum/#!topic/golang-nuts/4PmyYvcnpIs

gouthamve pushed a commit to gouthamve/promql that referenced this issue Mar 28, 2018

@juliusv
Fix lexer bug treating non-Latin Unicode digits as digits. 
Fixes prometheus/prometheus#939
6537cd8
@lock

This comment has been minimized.

Sign in to view
Copy link

lock bot commented Mar 24, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked and limited conversation to collaborators Mar 24, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.