push latest Hackage version 0.2.1 to this git repo
Closed this issue · 12 comments
https://hackage.haskell.org/package/cmark-gfm-0.2.1 whereas this repo is still version 0.2.0.
See also GHSA-7gc6-9qr5-hc85
(I can submit a patch of the github/cmark-gfm C changes if it helps, which I prepared for Fedora.)
Ah, it was tagged but not on master somehow. Will fixup.
I'll publish 0.2.2 shortly with the table fixup. Thanks for letting me know.
Thanks a lot!
Asherah, do you know how to reproduce the O(n^2) table issue with pandoc?
So far I couldn't but I am not sure if I am using the right/needed gfm extensions etc.
I tried python -c 'print("aaa\rbbb\n-\v\n" * 30000)' | time pandoc -f gfm but that only takes ~7s on my laptop.
Whereas the corresponding pathological test takes >60s with cmark-gfm-0.29.0.gfm.0.
cc @jgm
edit: I tried now with gfm+pipe_tables too.
pandoc doesn't use this library any more -- we use commonmark, commonmark-extensions, commonmark-pandoc.
(Assuming you're using recent pandoc)
I know John, we communicated in email too recently.
But I am trying to reproduce this with pandoc-2.9 and earlier, thanks!
Asherah, do you know how to reproduce the O(n^2) table issue with pandoc?
Unfortunately I have no experience with pandoc!
Okay I was starting to wonder if even cmark-gfm-hs is directly affected or not?
I will try to make some test to see about that.
Okay I can reproduce pretty easily for 0.2.1 with
commonmarkToHtml [] [extTable] (T.replicate 30000 "aaa\rbbb\n-\v\n")
inside test-cmark.hs
Just FYI I did manage in the end recently to reproduce this also with pandoc in ghci at least:
:set -XOverloadedStrings
import qualified Data.Text as T
runPure $ readCommonMark (def {readerExtensions = githubMarkdownExtensions }) (T.replicate 3000 "aaa\rbbb\n-\v\n")
But afaict the pandoc program's preprocessing filters out the '\r' before it reaches readCommonMark, so it might not be affected?