#20411 fix Yaml parsing for very long quoted strings #21523
Conversation
| @@ -92,13 +92,13 @@ public function parse($value, $exceptionOnInvalidType = false, $objectSupport = | |||
| } | |||
|
|
|||
| $isRef = $mergeNode = false; | |||
| if (preg_match('#^\-((?P<leadspaces>\s+)(?P<value>.+?))?\s*$#u', $this->currentLine, $values)) { | |||
| if (self::preg_match('#^\-((?P<leadspaces>\s+)(?P<value>.+))?$#u', rtrim($this->currentLine), $values)) { | |||
There was a problem hiding this comment.
See comment on line 127 below
| @@ -124,7 +124,10 @@ public function parse($value, $exceptionOnInvalidType = false, $objectSupport = | |||
| if ($isRef) { | |||
| $this->refs[$isRef] = end($data); | |||
| } | |||
| } elseif (preg_match('#^(?P<key>'.Inline::REGEX_QUOTED_STRING.'|[^ \'"\[\{].*?) *\:(\s+(?P<value>.+?))?\s*$#u', $this->currentLine, $values) && (false === strpos($values['key'], ' #') || in_array($values['key'][0], array('"', "'")))) { | |||
| } elseif (self::preg_match('#^(?P<key>'.Inline::REGEX_QUOTED_STRING.'|[^ \'"\[\{].*?) *\:(\s+(?P<value>.+))?$#u', rtrim($this->currentLine), $values) | |||
There was a problem hiding this comment.
Here, as well as wrapping "preg_match", I have fixed the regex to avoid large numbers of pcre backtracks by moving the trailing whitespace trimming behaviour out of the regex pattern and into a "rtrim" in the argument list.
This may potentially be less performant in some cases (but I expect more performant in most cases, actually), but I have not measured this.
It demonstrably fixes a bug, as can be seen by the unit test I have added to this commit, which fails without this change and passes with it.
There was a problem hiding this comment.
The specific problem with the regex here was the ".+?" followed by a "\s*$", which leads to a great deal of backtracking behaviour in long strings. I could not find a simpler fix than the one I propose here (the possessive quantifier fix used in #21279 would not work here)
| @@ -108,7 +108,7 @@ public function parse($value, $exceptionOnInvalidType = false, $objectSupport = | |||
| $data[] = $this->parseBlock($this->getRealCurrentLineNb() + 1, $this->getNextEmbedBlock(null, true), $exceptionOnInvalidType, $objectSupport, $objectForMap); | |||
| } else { | |||
| if (isset($values['leadspaces']) | |||
| && preg_match('#^(?P<key>'.Inline::REGEX_QUOTED_STRING.'|[^ \'"\{\[].*?) *\:(\s+(?P<value>.+?))?\s*$#u', $values['value'], $matches) | |||
| && self::preg_match('#^(?P<key>'.Inline::REGEX_QUOTED_STRING.'|[^ \'"\{\[].*?) *\:(\s+(?P<value>.+))?$#u', rtrim($values['value']), $matches) | |||
There was a problem hiding this comment.
see comment on line 127
| $error = 'Error.'; | ||
| } | ||
|
|
||
| throw new ParseException($error); |
There was a problem hiding this comment.
This should not be reachable, but should hopefully mean that any further undetected "backtrack_limit" bugs, or any similar bugs added in the future, will result in an exception rather than an incorrect result.
| * @throws ParseException on a PCRE internal error | ||
| * @see preg_last_error() | ||
| */ | ||
| static function preg_match($pattern, $subject, &$matches = null, $flags = 0, $offset = 0) |
There was a problem hiding this comment.
Should probably be called pregMatch if you want to call it like this. Perhaps match would be a better name
There was a problem hiding this comment.
I deliberately named it "preg_match" so that it was a drop-in replacement for the builtin preg_match. Is that disallowed?
| * | ||
| * This avoids us needing to check for "false" every time PCRE is used | ||
| * in the YAML engine | ||
| * |
There was a problem hiding this comment.
must be @internal as we clearly don't want to support BC on it
| $error = 'Error.'; | ||
| } | ||
|
|
||
| throw new ParseException($error); |
There was a problem hiding this comment.
this misses the location of the error in the ParseException
There was a problem hiding this comment.
The location is not always available, unless I make two wrappers -- one static, for Inline and other callers, and one non-static, for use during the parse. Do you think that's worthwhile?
There was a problem hiding this comment.
You could pass the needed context to the new method. Might not look nice, but will do what it should.
| @@ -61,7 +61,7 @@ public function __construct($offset = 0, $totalNumberOfLines = null, array $skip | |||
| */ | |||
| public function parse($value, $exceptionOnInvalidType = false, $objectSupport = false, $objectForMap = false) | |||
| { | |||
| if (!preg_match('//u', $value)) { | |||
| if (!self::preg_match('//u', $value)) { | |||
There was a problem hiding this comment.
I would not replace this, as it would throw an exception saying Malformed UTF-8 data. instead of the expected one
There was a problem hiding this comment.
Good point. I'll add a test to cover this
|
fabbot failures must be fixed. |
|
@RichardBradley Do you have time to finish here? :) |
|
Sorry, I have been busy. I should be able to look over the next couple of days, yes. |
ec7f68e to
0152ad9
Compare
|
I have pushed an update which addresses the review comments above and fixes the "fabbot" style checks. |
| } elseif (preg_match('#^(?P<key>'.Inline::REGEX_QUOTED_STRING.'|[^ \'"\[\{].*?) *\:(\s+(?P<value>.+?))?\s*$#u', $this->currentLine, $values) && (false === strpos($values['key'], ' #') || in_array($values['key'][0], array('"', "'")))) { | ||
| } elseif (self::preg_match('#^(?P<key>'.Inline::REGEX_QUOTED_STRING.'|[^ \'"\[\{].*?) *\:(\s+(?P<value>.+))?$#u', rtrim($this->currentLine), $values) | ||
| && (false === strpos($values['key'], ' #') | ||
| || in_array($values['key'][0], array('"', "'")))) { |
There was a problem hiding this comment.
The way the if condition is wrapped now IMO doesn't make it more readable. Maybe reformat it to something like this:
} elseif (
self::preg_match('#^(?P<key>'.Inline::REGEX_QUOTED_STRING.'|[^ \'"\[\{].*?) *\:(\s+(?P<value>.+))?$#u', rtrim($this->currentLine), $values)
&& (false === strpos($values['key'], ' #') || in_array($values['key'][0], array('"', "'")))
) {There was a problem hiding this comment.
I have pushed a new version with your preferred indentation
| } | ||
|
|
||
| throw new ParseException($error, $this->getRealCurrentLineNb() + 1, $this->currentLine); | ||
| throw new ParseException('Unable to parse', $this->getRealCurrentLineNb() + 1, $this->currentLine); |
There was a problem hiding this comment.
Will this now ever be reached anymore?
There was a problem hiding this comment.
Yes, this line is covered by 3 tests:
ParserTest::testUnindentedCollectionExceptionParserTest::testShortcutKeyUnindentedCollectionExceptionParserTest::testScalarInSequence
|
I have pushed a new version which I believe addresses all the review issues raised |
|
Thank you @RichardBradley. |
…ardBradley) This PR was squashed before being merged into the 2.7 branch (closes #21523). Discussion ---------- #20411 fix Yaml parsing for very long quoted strings | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #20411 | License | MIT | Doc PR | no This is a second fix for the issue discussed in #20411. My first PR (#21279) didn't fix the bug in all cases, sorry. If a YAML string has too many spaces in the value, it can trigger a `PREG_BACKTRACK_LIMIT_ERROR` error in the Yaml parser. There should be no behavioural change other than the bug fix I have included a test which fails before this fix and passes after this fix. I have also added checks that detect other PCRE internal errors and throw a more descriptive exception. Before this patch, the YAML engine would often give incorrect results, rather than throwing, on a PCRE `PREG_BACKTRACK_LIMIT_ERROR` error. Commits ------- c9a1c09 #20411 fix Yaml parsing for very long quoted strings
This is a second fix for the issue discussed in #20411. My first PR (#21279) didn't fix the bug in all cases, sorry.
If a YAML string has too many spaces in the value, it can trigger a
PREG_BACKTRACK_LIMIT_ERRORerror in the Yaml parser.There should be no behavioural change other than the bug fix
I have included a test which fails before this fix and passes after this fix.
I have also added checks that detect other PCRE internal errors and throw a more descriptive exception. Before this patch, the YAML engine would often give incorrect results, rather than throwing, on a PCRE
PREG_BACKTRACK_LIMIT_ERRORerror.