REReplace() does not return and can take down server
Description
Environment
Windows x64 (all)
Activity
Show:
Michael Offner 22 December 2017 at 10:25
same happen with ACF, so seem to be an issue in oro, but also in the latest version.
Michael Offner 22 December 2017 at 10:16
we are using version 2.0.8
https://github.com/lucee/Lucee/blob/5.2/core/src/main/java/META-INF/MANIFEST.MF#L337
we already have the latest version...
Michael Offner 22 December 2017 at 10:12
this is a bug in the oro lib
https://bz.apache.org/bugzilla/show_bug.cgi?id=3561
Michael Offner 22 December 2017 at 10:09
stacktrace of the thread hanging
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__tryExpression(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.__interpret(Unknown Source)
org.apache.oro.text.regex.Perl5Matcher.contains(Unknown Source)
org.apache.oro.text.regex.Util.substitute(Unknown Source)
org.apache.oro.text.regex.Util.substitute(Unknown Source)
lucee.runtime.regex.Perl5Util._replace(Perl5Util.java:210)
lucee.runtime.regex.Perl5Util.replace(Perl5Util.java:206)
lucee.runtime.functions.string.REReplace.call(REReplace.java:54)
img_cfm$cf.call(/img.cfm:27)
lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:896)
lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:821)
lucee.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:223)
lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:43)
lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2402)
lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2392)
lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2360)
lucee.runtime.engine.Request.exe(Request.java:44)
lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1090)
lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1038)
lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:102)
lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:745)Details
Assignee
Michael OffnerMichael OffnerReporter
JPJPPriority
MinorLabels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Affects versions
Details
Details
Assignee
Michael Offner
Michael OffnerReporter
JP
JPPriority
MinorLabels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Affects versions
Created 22 December 2017 at 00:02
Updated 17 May 2020 at 17:55
Calling REReplace() with a specific regex does not return and can take down a server. The example below appears to cause an infinite loop and prevents the request thread from terminating, consuming system resources and will eventually lead to Tomcat being unresponsive.
// auto-link email addresses str = ".......................................All@tricksMan..............................................."; str = REReplace(str, "([[:alnum:]_\.\-]+@([[:alnum:]_\.\-]+\.)+[[:alpha:]]{2,4})", "<a class='autolink' href='mailto:\1'>\1</a>", "ALL");I've since replaced my regex with something that works better and does not cause the problem.