Quadratic behavior when scanning inline HTML comments

Question

Closed this issue a year ago · 3 comments

python3 -c 'print("a"+"<!--"*50000)' |build/src/cmark >/dev/null

This regressed in commit 4470ff3. Found by OSS-Fuzz.

Answer 1 · 2023-01-13T16:57:08.000Z

I already have a fix for this which I'll push later.

Answer 2 · 2023-01-13T17:23:44.000Z

Answer 3 · 2023-01-30T14:08:16.000Z

FYI, this bug also affected cmark-gfm (GitHub's fork of cmark), where we have assigned it CVE-2023-22484.