Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parsing *_*_*_… takes quadratic time #583

Closed
andersk opened this issue Aug 14, 2019 · 3 comments
Closed

Parsing *_*_*_… takes quadratic time #583

andersk opened this issue Aug 14, 2019 · 3 comments
Labels
bug

Comments

@andersk
Copy link

andersk commented Aug 14, 2019 

$ time node -e 'new require("markdown-it")("commonmark").parse("*_".repeat(10000))'
0.65user 0.01system 0:00.65elapsed 103%CPU (0avgtext+0avgdata 43360maxresident)k
0inputs+0outputs (0major+5493minor)pagefaults 0swaps
$ time node -e 'new require("markdown-it")("commonmark").parse("*_".repeat(20000))'
3.05user 0.01system 0:03.06elapsed 100%CPU (0avgtext+0avgdata 49972maxresident)k
0inputs+0outputs (0major+7101minor)pagefaults 0swaps
$ time node -e 'new require("markdown-it")("commonmark").parse("*_".repeat(40000))'
19.67user 0.05system 0:20.29elapsed 97%CPU (0avgtext+0avgdata 65260maxresident)k
0inputs+0outputs (0major+10989minor)pagefaults 0swaps
$ time node -e 'new require("markdown-it")("commonmark").parse("*_".repeat(80000))'
88.29user 0.17system 1:30.10elapsed 98%CPU (0avgtext+0avgdata 102900maxresident)k
0inputs+0outputs (0major+20453minor)pagefaults 0swaps

This could be a denial of service vulnerability in an application that parses user input.
@puzrin puzrin added the bug label Aug 19, 2019
@puzrin
Copy link
Member

puzrin commented Aug 19, 2019
edited

Thank you for info. Will be fixed this or next week.

@rlidwka rlidwka mentioned this issue Aug 30, 2019
Closed
@afwn90cj93201nixr2e1re
Copy link

@puzrin any updates?

@puzrin
Copy link
Member

puzrin commented Sep 10, 2019

Released 10.+ with fix

@puzrin puzrin closed this as completed Sep 10, 2019
@RedMickey RedMickey mentioned this issue Mar 16, 2020
Closed
@andersk andersk mentioned this issue Nov 18, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andersk @puzrin @afwn90cj93201nixr2e1re