Backport #4098: URI.decode_www_form hangs for some input strings - Backport192 - Ruby Issue Tracking System

Actions

Copy link

Backport #4098

closed

URI.decode_www_form hangs for some input strings

Added by iconara (Theo Hultberg) over 13 years ago. Updated almost 13 years ago.

Status:

Closed

Assignee:

yugui (Yuki Sonoda)

[ruby-core:33464]

Description

=begin
Running

require 'uri'
URI.decode_www_form('a=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&b')

will hang seemingly forever. If you decrease the number of A's you will eventually see that it just takes a very, very long time to realize that the string is a malformed query string (there's no = in the last parameter). The culprit is line 828 of uri/common.rb, which looks like this:

unless /\A#{WFKV_}=#{WFKV_}(?:[;&]#{WFKV_}=#{WFKV_})*\z/o =~ str

I haven't even tried to decode that regexp, but it's clear that with a string like the one above it will take a very long time to realize that it can't match.
=end

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Like0

Like0Like0Like0

Project

General

Profile

Ruby » Backport192

Custom queries

Backport #4098

URI.decode_www_form hangs for some input strings

Updated by nobu (Nobuyoshi Nakada) over 13 years ago

Updated by nobu (Nobuyoshi Nakada) over 13 years ago

Updated by yugui (Yuki Sonoda) over 13 years ago