python3 -c 'n = 10000; print("1.\n" + " 2.\n"*n)' | time ./src/cmark -t commonmark
python3 -c 'n = 10000; print("1.\n" + " 2.\n"*n)' | time ./src/cmark -t man
Increasing the number 10000 in the above command causes the running time to increase quadratically.
The solution is to keep track of the current item number, rather than recomputing it on every iteration by counting the number of elements in the list.
This is a cherry-pick of one of the commits that we added in cmark-gfm to fix https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5. (Only one of the bugs affects cmark too.)
To reproduce the bug:
Increasing the number 10000 in the above command causes the running time to increase quadratically.
The solution is to keep track of the current item number, rather than recomputing it on every iteration by counting the number of elements in the list.