Bug 7707 - __STYLE_GIBBERISH_1 causes 100% CPU usage in some messages
Summary: __STYLE_GIBBERISH_1 causes 100% CPU usage in some messages
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 3.4.2
Hardware: PC Linux
: P2 major
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-04-16 11:00 UTC by matthias
Modified: 2019-05-29 16:55 UTC (History)
2 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
regex "loop" text/plain None matthias@zu-con.org [NoCLA]
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description matthias 2019-04-16 11:00:50 UTC 
Created attachment 5650 [details]
regex "loop"

Hello,

mails with the attached text cause spamd to stuck with 100%:

This seems to be caused by the following rule:

rawbody        __STYLE_GIBBERISH_1      /<style(?:\s[^>]{0,40})?>(?:\s{0,100}(?!<\/style>)(?:(?:\/\*(?:\s|[^*<]|\*(?!\/)|<(?!\/style>)){0,200}\*\/)|\#[^{<]{1,50}\{[^}<]{4,100}\})){0,4}+(?:\s{0,100}(?!<\/style>|\/\*)(?:\/{3,}+\*|,{2,}+|;{2,}+|:{2,}+|\|{2,}+|[^\s:;,\|]|[:;,\|\/]{2})){150}/im

The backtrace of the spamd process:

#0  S_regmatch (prog=<optimized out>, startpos=<optimized out>, reginfo=<optimized out>, my_perl=0x55f8ed3c5800 <PL_regkind>) at regexec.c:8432
#1  S_regtry (my_perl=my_perl@entry=0x55f8ee742010, reginfo=reginfo@entry=0x7ffc6ddca7e0, startposp=startposp@entry=0x7ffc6ddca7d0) at regexec.c:3628
#2  0x000055f8ed36633b in Perl_regexec_flags (my_perl=0x55f8ee742010, rx=0x55f8f2e94f88,
    stringarg=0x55f8f3416ab0 "<style>\n::\n::\n::::\n::::\n::::::\n::::::::\n::::::::::\n", ':' <repeats 12 times>, "\n", ':' <repeats 14 times>, "\n", ':' <repeats 16 times>, "\n", ':' <repeats 18 times>, "\n", ':' <repeats 20 times>, "\n", ':' <repeats 22 times>, "\n", ':' <repeats 24 times>, "\n", ':' <repeats 16 times>..., strend=0x55f8f3416d1a "",
    strbeg=0x55f8f3416ab0 "<style>\n::\n::\n::::\n::::\n::::::\n::::::::\n::::::::::\n", ':' <repeats 12 times>, "\n", ':' <repeats 14 times>, "\n", ':' <repeats 16 times>, "\n", ':' <repeats 18 times>, "\n", ':' <repeats 20 times>, "\n",
':' <repeats 22 times>, "\n", ':' <repeats 24 times>, "\n", ':' <repeats 16 times>..., minend=<optimized out>, sv=0x55f8f335dc88, data=0x0, flags=97) at regexec.c:3342
#3  0x000055f8ed2f188c in Perl_pp_match (my_perl=0x55f8ee742010) at pp_hot.c:1817
#4  0x000055f8ed2edaa6 in Perl_runops_standard (my_perl=0x55f8ee742010) at run.c:41
#5  0x000055f8ed2737d5 in S_run_body (oldscope=<optimized out>, my_perl=<optimized out>) at perl.c:2483
#6  perl_run (my_perl=0x55f8ee742010) at perl.c:2411
#7  0x000055f8ed24ca5d in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:116

Best regards,
Mattihas
Comment 1 matthias 2019-04-16 11:03:22 UTC 
I've tested this with spamassassin from debian jessie and stretch
Comment 2 John Hardin 2019-04-16 16:17:29 UTC 
It's better to report issues with specific rules on the users list.

Thanks for the report.

Sending        svn/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Transmitting file data .done
Committing transaction...
Committed revision 1857655.
Comment 3 John Hardin 2019-05-29 16:55:52 UTC 
(In reply to John Hardin from comment #2)
> It's better to report issues with specific rules on the users list.

EXCEPT in the case of runaway scan times. Sorry.