Merge pull request #1 from nulab/fix/stack-over-flow

foo-543674 · web-flow · commit 2b52abd8f413 · 2025-10-06T18:44:15.000+09:00
Fix/stack over flow
diff --git a/.gitignore b/.gitignore
@@ -38,3 +38,9 @@ target/
 /assets/comms/
 /lib/
 /mvn-dependency-tree.txt
+
+# local
+.vscode/
+.DS_Store
+.devcontainer/
+.claude/
diff --git a/flexmark-core-test/src/test/java/com/vladsch/flexmark/core/test/util/parser/SpecialInputTest.java b/flexmark-core-test/src/test/java/com/vladsch/flexmark/core/test/util/parser/SpecialInputTest.java
@@ -1,15 +1,20 @@
 package com.vladsch.flexmark.core.test.util.parser;
 
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+import org.junit.Test;
+
 import com.vladsch.flexmark.html.HtmlRenderer;
 import com.vladsch.flexmark.parser.Parser;
-import com.vladsch.flexmark.test.util.*;
+import com.vladsch.flexmark.test.util.FlexmarkSpecExampleRenderer;
+import com.vladsch.flexmark.test.util.RenderingTestCase;
+import com.vladsch.flexmark.test.util.SpecExampleRenderer;
+import com.vladsch.flexmark.test.util.Strings;
+import com.vladsch.flexmark.test.util.TestUtils;
 import com.vladsch.flexmark.test.util.spec.SpecExample;
 import com.vladsch.flexmark.util.data.DataHolder;
 import com.vladsch.flexmark.util.data.DataSet;
 import com.vladsch.flexmark.util.data.MutableDataSet;
-import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
-import org.junit.Test;
 
 final public class SpecialInputTest extends RenderingTestCase {
     final private static DataHolder OPTIONS = new MutableDataSet()
@@ -121,7 +126,19 @@ public void linkLabelLength() {
 
     @Test
     public void manyUnderscores() {
-        assertRendering(Strings.repeat("_", 1000), "<hr />");
+        assertRendering(Strings.repeat("_", 100000), "<hr />");
+    }
+
+    @Test
+    public void uncompletedHugeHtmlTag() {
+        assertRendering("<" + Strings.repeat("a", 1000000), "<p>&lt;" + Strings.repeat("a", 1000000) + "</p>\n");
+    }
+
+    @Test
+    public void hugeDataUrlInLink() {
+        String url = "data:image/jpeg;base64," + "A".repeat(5000);
+        String markdown = "![alt text][image]\n\n[image]: <" + url + ">";
+        assertRendering(markdown, "<p><img src=\"" + url + "\" alt=\"alt text\" /></p>");
     }
 
     @Nullable
diff --git a/flexmark/src/main/java/com/vladsch/flexmark/ast/util/Parsing.java b/flexmark/src/main/java/com/vladsch/flexmark/ast/util/Parsing.java
@@ -4,6 +4,7 @@
 import com.vladsch.flexmark.util.data.DataHolder;
 import com.vladsch.flexmark.util.format.TableFormatOptions;
 import com.vladsch.flexmark.util.misc.CharPredicate;
+import com.vladsch.flexmark.util.sequence.BasedSequence;
 import com.vladsch.flexmark.util.sequence.Escaping;
 import com.vladsch.flexmark.util.sequence.SequenceUtils;
 import org.jetbrains.annotations.NotNull;
@@ -23,7 +24,8 @@ public class Parsing {
 //    final public static String XML_NAMESPACE_CHAR = XML_NAME_SPACE_START + "|-|.|[0-9]";
     final public static String XML_NAMESPACE_START = "[_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD]"; // excluded  [#x10000-#xEFFFF]
     final public static String XML_NAMESPACE_CHAR = XML_NAMESPACE_START + "|[.0-9\u00B7\u0300-\u036F\u203F-\u2040-]";
-    final public static String XML_NAMESPACE = "(?:(?:" + XML_NAMESPACE_START + ")(?:" + XML_NAMESPACE_CHAR + ")*:)?";
+    // NOTE: Set name length limit to avoid stack overflow on pathological cases
+    final public static String XML_NAMESPACE = "(?:(?:" + XML_NAMESPACE_START + ")(?:" + XML_NAMESPACE_CHAR + "){0,200}:)?";
 
     // save options for others to use when only parsing instance is available
     final public DataHolder options;
@@ -507,4 +509,69 @@ public static boolean isLetter(CharSequence s, int index) {
     public static boolean isSpaceOrTab(CharSequence s, int index) {
         return CharPredicate.SPACE_TAB.test(SequenceUtils.safeCharAt(s, index));
     }
+
+    private static final String ESCAPABLE_CHARS = "\"#$%&'()*+,./:;<=>?@[]\\^_`{|}~-";
+    /**
+     * Parse angled link destination without regex catastrophic backtracking.
+     * Replaces regex-based parsing to prevent StackOverflowError on large URLs.
+     *
+     * @param input the input sequence
+     * @param startIndex starting position
+     * @param spaceInLinkUrl whether spaces are allowed in URLs
+     * @return parsed result or null if no match
+     */
+    @Nullable
+    public static BasedSequence parseAngledLinkDestination(@NotNull BasedSequence input, int startIndex, boolean spaceInLinkUrl) {
+        if (startIndex >= input.length() || input.charAt(startIndex) != '<') {
+            return null;
+        }
+
+        int pos = startIndex + 1;
+
+        while (pos < input.length()) {
+            int nextPos = pos + 1;
+            char c = input.charAt(pos);
+
+            // End of angled destination
+            if (c == '>') {
+                return input.subSequence(startIndex, pos + 1);
+            }
+
+            // Invalid characters
+            if (c == '<' || c == '\0' || c == '\t' || c == '\n' || c == '\r') {
+                return null;
+            }
+
+            // Space handling
+            if (c == ' ') {
+                if (!spaceInLinkUrl) {
+                    return null;
+                }
+                // Check lookahead for space followed by quote
+                if (nextPos < input.length()) {
+                    char next = input.charAt(nextPos);
+                    if (next == '"' || next == '\'' || next == '(') {
+                        return null;
+                    }
+                }
+            }
+
+            // Escape sequence handling
+            if (c == '\\') {
+                if (nextPos >= input.length()) {
+                    return null; // Incomplete escape at end
+                }
+
+                char escapedChar = input.charAt(nextPos);
+                if (ESCAPABLE_CHARS.indexOf(escapedChar) > 0) {
+                    pos++; // Skip the escaped character
+                }
+            }
+
+            pos++;
+        }
+
+        // No closing '>' found
+        return null;
+    }
 }
diff --git a/flexmark/src/main/java/com/vladsch/flexmark/parser/core/ThematicBreakParser.java b/flexmark/src/main/java/com/vladsch/flexmark/parser/core/ThematicBreakParser.java
@@ -12,11 +12,56 @@
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
-import java.util.regex.Pattern;
 
 public class ThematicBreakParser extends AbstractBlockParser {
 
-    static Pattern PATTERN = Pattern.compile("^(?:(?:\\*[ \t]*){3,}|(?:_[ \t]*){3,}|(?:-[ \t]*){3,})[ \t]*$");
+    /**
+     * Checks if the given input matches the thematic break pattern without using regex
+     * to avoid StackOverflowError with very long sequences.
+     *
+     * Pattern: ^(?:(?:\*[ \t]*){3,}|(?:_[ \t]*){3,}|(?:-[ \t]*){3,})[ \t]*$
+     * - At least 3 occurrences of *, _, or - characters
+     * - Characters can be separated by spaces or tabs
+     * - Only one type of character allowed per line
+     * - Line can end with spaces or tabs
+     */
+    private static boolean matchesThematicBreak(BasedSequence input) {
+        int length = input.length();
+        if (length == 0) return false;
+
+        // Skip leading whitespace
+        int pos = 0;
+        while (pos < length && isWhitespace(input.charAt(pos))) {
+            pos++;
+        }
+
+        if (pos >= length) return false;
+
+        char patternChar = input.charAt(pos);
+        if (patternChar != '*' && patternChar != '_' && patternChar != '-') {
+            return false;
+        }
+
+        int charCount = 0;
+        while (pos < length) {
+            char c = input.charAt(pos);
+            if (c == patternChar) {
+                charCount++;
+            } else if (isWhitespace(c)) {
+                // Whitespace is allowed between pattern characters
+            } else {
+                // Invalid character found
+                return false;
+            }
+            pos++;
+        }
+
+        return charCount >= 3;
+    }
+
+    private static boolean isWhitespace(char c) {
+        return c == ' ' || c == '\t';
+    }
 
     final private ThematicBreak block = new ThematicBreak();
 
@@ -96,7 +141,7 @@ public BlockStart tryStart(ParserState state, MatchedBlockParser matchedBlockPar
             }
             BasedSequence line = state.getLine();
             final BasedSequence input = line.subSequence(state.getNextNonSpaceIndex(), line.length());
-            if (PATTERN.matcher(input).matches()) {
+            if (matchesThematicBreak(input)) {
                 return BlockStart.of(new ThematicBreakParser(line.subSequence(state.getIndex()))).atIndex(line.length());
             } else {
                 return BlockStart.none();
diff --git a/flexmark/src/main/java/com/vladsch/flexmark/parser/internal/InlineParserImpl.java b/flexmark/src/main/java/com/vladsch/flexmark/parser/internal/InlineParserImpl.java
@@ -3,6 +3,7 @@
 import com.vladsch.flexmark.ast.*;
 import com.vladsch.flexmark.ast.util.ReferenceRepository;
 import com.vladsch.flexmark.ast.util.TextNodeConverter;
+import com.vladsch.flexmark.ast.util.Parsing;
 import com.vladsch.flexmark.parser.*;
 import com.vladsch.flexmark.parser.block.CharacterNodeFactory;
 import com.vladsch.flexmark.parser.block.ParagraphPreProcessor;
@@ -1181,8 +1182,10 @@ protected static void collapseLinkRefChildren(Node node, Function<LinkRefDerived
      */
     @Override
     public BasedSequence parseLinkDestination() {
-        BasedSequence res = match(myParsing.LINK_DESTINATION_ANGLES);
+        // NOTE: Use linear parser to prevent StackOverflowError on large URLs
+        BasedSequence res = Parsing.parseAngledLinkDestination(input, index, options.spaceInLinkUrls);
         if (res != null) {
+            index += res.length();
             return res;
         } else {
             if (linkDestinationParser != null) {
