WordPress.org

Ready to get started?Download WordPress

Forums

[plugin CSS Compress] - has a really bad regex (1 post)

  1. ridgerunner
    Member
    Posted 4 years ago #

    The comment matching regex in css-compress.php is fatally flawed (for most NFA regex engines - including PHP/PCRE). Although this regex does work very well when matching valid comments, it fails and goes super-linear (i.e. experiences "catastrophic backtracking") when faced with an invalid comment such as this one:

    '/************************ /'

    The regex engine requires more than 400,000 steps to determine that this short string does not match. (Adding just two more asterisks kicks this up to over a million!) Fortunately, the regex is easily fixed by adding just one character...

    'Bad:
    /\*[^*]*\*+([^/][^*]*\*+)*/
    Good:
    /\*[^*]*\*+([^/*][^*]*\*+)*/'

    The fixed regex requires only 9 steps to declare a non-match. Please refer to the book: "Mastering Regular Expressions (3rd Edition" by Jeffrey Friedl for a complete description of this regex and the advanced "un-rolling-the-loop" technique that it employs. (Friedl is the one who originally wrote this regex and came up with this technique).

    For more info an Catastrophic Backtracking see:
    http://www.regular-expressions.info/catastrophic.html

    Hope this helps. =^)

Topic Closed

This topic has been closed to new replies.

About this Topic