commonmark / cmark

CommonMark parsing and rendering library and program in C

Quadratic behavior when scanning inline HTML comments #457

Closed nwellnhof closed 1 year ago

nwellnhof commented 1 year ago

python3 -c 'print("a"+"<!--"*50000)' |build/src/cmark >/dev/null

This regressed in commit 4470ff33. Found by OSS-Fuzz.

jgm commented 1 year ago

I already have a fix for this which I'll push later.

jgm commented 1 year ago

Fixed by 6a5126a8d65ad8615ed1f8efb025bebc06e9483d

kevinbackhouse commented 1 year ago

FYI, this bug also affected cmark-gfm (GitHub's fork of cmark), where we have assigned it CVE-2023-22484.
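
The reproducer in the first comment is "a" followed by 50000 unclosed `<!--` openers. As an added illustration (not cmark's code, and not the change made in the fix commit), this simplified C model counts the bytes examined by a scanner that searches to end of input for `-->` at every opener, against one that remembers a failed search. The names `scan_comments`, `steps_for` and `remember_miss` are hypothetical, and the input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of an inline scanner (illustration only, not cmark's code).
 * At each "<!--" it searches forward for "-->". Returns the number of byte
 * positions examined, a proxy for CPU work. */
static size_t scan_comments(const char *s, size_t len, int remember_miss) {
    size_t steps = 0;
    int no_closer = 0; /* set once a search has reached end of input */
    for (size_t i = 0; i < len; i++) {
        steps++;
        if (len - i < 4 || memcmp(s + i, "<!--", 4) != 0)
            continue;
        if (remember_miss && no_closer)
            continue; /* an earlier search already covered the rest of the input */
        size_t j = i + 4;
        int found = 0;
        for (; j + 3 <= len; j++) {
            steps++;
            if (memcmp(s + j, "-->", 3) == 0) { found = 1; break; }
        }
        if (found)
            i = j + 2; /* resume after the closing "-->" */
        else
            no_closer = 1; /* opener is literal text; continue at i + 1 */
    }
    return steps;
}

/* Constructed input with the report's shape: "a" followed by n openers. */
static size_t steps_for(size_t n, int remember_miss) {
    size_t len = 1 + 4 * n;
    char *buf = malloc(len);
    if (!buf) return 0;
    buf[0] = 'a';
    for (size_t k = 0; k < n; k++)
        memcpy(buf + 1 + 4 * k, "<!--", 4);
    size_t steps = scan_comments(buf, len, remember_miss);
    free(buf);
    return steps;
}

int main(void) {
    for (size_t n = 1000; n <= 4000; n *= 2)
        printf("n=%zu naive=%zu memoized=%zu\n", n,
               steps_for(n, 0), steps_for(n, 1));
    return 0;
}
```

Doubling `n` roughly quadruples the naive count while the memoized count only doubles, which is the signature a fuzzer timeout or a CPU-bound parser in production would show for this input shape.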