~jtraub


#24 Redirector config contains regexp with catastrophic backtracking 2 years ago

Comment by ~jtraub on ~edwardloveall/Scribe

Sure, try this one

https://chart.apis.google.com/chart?chtt=123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456

Google throws 400 error on this url, but with scribe.rip enabled in redirector attempt to visit this url will hang your browser.

I suppose your other solution will hang too on such urls because the regex itself makes the js regex engine to take too many steps.

UPD: (?:.*\.)* causes backtracking so you need a dozen of dots in URL for this problem to appear. However, it seems that long URLs with many dots in it are not that uncommon on the web: Amazon and Google seems to use them.

#24 Redirector config contains regexp with catastrophic backtracking 2 years ago

Ticket created by ~jtraub on ~edwardloveall/Scribe

Regexp in Redirector config is susceptible to catastrophic backtracking causing enormous CPU usage and even browser halt whenever user visits a page with long enough URL.

Related issue in Redirector tracker

I have proposed an update to regexp in the issue but I am not sure what medium subdomain limitations are. Maybe we can shrink number of steps the regex engine takes even more?