Change Details

An install reported a segfault which I traced to this regex in a Herald rule: @^((?!xyz/).)*\.abc?$@ I think this simplifies to `/^(.)*$/`, which captures every character, although I'm not certain that's enough to cause backtracking/recursion on its own. I avoided this by changing `pcre.backtrace_limit` and `pcre.recursion_limit` to `10000`. I expect to deploy some flavor of this as a configuration change to the cluster. Open questions: - What are reasonable limits? - What's a test case for hitting the backtrace limit? The recursion limit? - How can we distinguish between hitting the backtrace/recursion limit and other failures? Does `preg_match()` just return `false` nicely?

An install reported a segfault which I traced to this regex in a Herald rule: @^((?!xyz/).)*\.abc?$@ I think this simplifies to `/^(.)*$/`, which captures every character, although I'm not certain that's enough to cause backtracking/recursion on its own. I avoided this by changing `pcre.backtrack_limit` and `pcre.recursion_limit` to `10000`. I expect to deploy some flavor of this as a configuration change to the cluster. Open questions: - What are reasonable limits? - What's a test case for hitting the backtrace limit? The recursion limit? - How can we distinguish between hitting the backtrack/recursion limit and other failures? Does `preg_match()` just return `false` nicely?

An install reported a segfault which I traced to this regex in a Herald rule: @^((?!xyz/).)*\.abc?$@ I think this simplifies to `/^(.)*$/`, which captures every character, although I'm not certain that's enough to cause backtracking/recursion on its own. I avoided this by changing `pcre.backtracek_limit` and `pcre.recursion_limit` to `10000`. I expect to deploy some flavor of this as a configuration change to the cluster. Open questions: - What are reasonable limits? - What's a test case for hitting the backtrace limit? The recursion limit? - How can we distinguish between hitting the backtracek/recursion limit and other failures? Does `preg_match()` just return `false` nicely?