Bug #4098: URI.decode_www_form hangs for some input strings
http://redmine.ruby-lang.org/issues/show/4098

Author: Theo Hultberg
Status: Open, Priority: Normal
ruby -v: ruby 1.9.2p0 (2010-08-18 revision 29036) [x86_64-darwin10.4.0]

Running

require 'uri'
URI.decode_www_form('a=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&b')

will hang seemingly forever. If you decrease the number of A's you will eventually see that it just takes a very, very long time to realize that the string is a malformed query string (there's no = in the last parameter). The culprit is line 828 of uri/common.rb, which looks like this:

unless /\A#{WFKV_}*=#{WFKV_}*(?:[;&]#{WFKV_}*=#{WFKV_}*)*\z/o =~ str

I haven't even tried to decode that regexp, but it's clear that with a string like the one above it will take a very long time to realize that it can't match.


----------------------------------------
http://redmine.ruby-lang.org