An install reported a segfault which I traced to this regex in a Herald rule:
@^((?!xyz/).)*\.abc?$@
I think this simplifies to `/^(.)*$/`, which captures every character, although I'm not certain that's enough to cause backtracking/recursion on its own.
I avoided this by changing `pcre.backtrace_limit` and `pcre.recursion_limit` to `10000`. I expect to deploy some flavor of this as a configuration change to the cluster.
Open questions:
- What are reasonable limits?
- What's a test case for hitting the backtrace limit? The recursion limit?
- How can we distinguish between hitting the backtrace/recursion limit and other failures? Does `preg_match()` just return `false` nicely?