Skip to content

fix: disable regexp backtracking #160

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 6, 2024
Merged

fix: disable regexp backtracking #160

merged 1 commit into from
Nov 6, 2024

Conversation

satazor
Copy link
Contributor

@satazor satazor commented Nov 6, 2024

With a very large and well crafted string, the escaping made by cross-spawn hangs forever.

const { argument } = require('cross-spawn/lib/util/escape');
var str = "";
for (var i = 0; i < 1000000; i++) {
  str += "\\";
}
str += "◎";

console.log("start")
argument(str)
console.log("end")

This PR disables regexp back tracking so that it doesn't suffer from this. https://javascript.info/regexp-catastrophic-backtracking for more details.

@satazor satazor force-pushed the bugfix/regexp-backtrack branch from 99d1c1c to 6337cca Compare November 6, 2024 09:06
@satazor satazor merged commit 5ff3a07 into master Nov 6, 2024
1 check passed
satazor added a commit that referenced this pull request Nov 7, 2024
@satazor
Revert "fix: disable regexp backtracking (#160)"
31c1712 
This reverts commit 5ff3a07.
@satazor satazor mentioned this pull request Nov 7, 2024
Merged
@satazor satazor deleted the bugfix/regexp-backtrack branch November 7, 2024 13:04
satazor added a commit that referenced this pull request Nov 18, 2024
@satazor
fix: disable regexp backtracking (#160)
ba5aaef
@Scc33 Scc33 mentioned this pull request Nov 18, 2024
Open
This was referenced Nov 19, 2024
Closed
Merged
@folortin folortin mentioned this pull request Nov 21, 2024
Closed
This was referenced Dec 9, 2024
Merged
Merged
@debricked debricked bot mentioned this pull request Dec 19, 2024
Merged
This was referenced Jan 7, 2025
Closed
Closed
This was referenced Jan 17, 2025
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Jan 23, 2025
Open
Open
This was referenced Jan 28, 2025
Open
Open
Open
@debricked debricked bot mentioned this pull request Feb 4, 2025
Merged
This was referenced Feb 10, 2025
Open
Open
Open
Open
Open
Open
Open
Open
Open
gurus00 pushed a commit to gurus00/node-cross-spawn that referenced this pull request Feb 11, 2025
@satazor
fix: disable regexp backtracking (moxystudio#160)
33bca0b
@deepsource-dev deepsource-dev bot mentioned this pull request Feb 13, 2025
Open
@pratheeshrussell-qb pratheeshrussell-qb mentioned this pull request Feb 20, 2025
Closed
@github-actions github-actions bot mentioned this pull request Feb 25, 2025
Closed
@pratheeshrussell-qb pratheeshrussell-qb mentioned this pull request Apr 7, 2025
Closed
@github-actions github-actions bot mentioned this pull request Apr 7, 2025
Open
This was referenced Apr 11, 2025
Open
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@Thompson1985 Thompson1985 Thompson1985 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@satazor @Thompson1985