Bug 52540

Summary: Regression: Some text-only e-mails causes 100% cpu load
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P1
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: OS X 10.6
Reporter: Alexander Zautke <alexander.zautke>
Assignee: Michael Saboff <msaboff>
CC: ap, barraclough, ggaren, msaboff, oliver
Keywords: InRadar, Regression
Attachments (description, flags):
Screenshot of a top command in terminal (flags: none)
Sample of MiniBrowser taken with Activity Monitor (flags: none)
Sample of WebProcess taken with Activity Monitor (flags: none)
Sample of WebKit taken with Activity Monitor (flags: none)
Patch to attach nested sub parens to outer non-capturing parens (flags: oliver: review+)

Description Alexander Zautke 2011-01-16 11:46:22 PST
Created attachment 79105
Screenshot of a top command in terminal

1. I opened a text-only e-mail (not an HTML e-mail) in MobileMe.
2. WebKit locks down completely (100% CPU).
3. If you try it in the MiniBrowser for WebKit2, WebProcess causes the 100% CPU load (see attachment).
Comment 1 Alexey Proskuryakov 2011-01-16 22:12:41 PST
Could you please attach a sample of both MiniBrowser and WebProcess processes, taken with Activity Monitor application?

Without a reproducible case or at least samples, there is nothing we can do here.
Comment 2 Alexander Zautke 2011-01-17 05:03:00 PST
Created attachment 79156
Sample of MiniBrowser taken with Activity Monitor
Comment 3 Alexander Zautke 2011-01-17 05:03:54 PST
Created attachment 79157
Sample of WebProcess taken with Activity Monitor
Comment 4 Alexey Proskuryakov 2011-01-17 08:48:03 PST
In JSC::RegExp::match(). It's strange if this doesn't happen in WebKit nightlies; there shouldn't be any difference in JavaScriptCore behavior in WebKit2.
Comment 5 Alexander Zautke 2011-01-17 09:18:56 PST
Created attachment 79181
Sample of WebKit taken with Activity Monitor
Comment 6 Geoffrey Garen 2011-01-17 14:43:54 PST
<rdar://problem/8875432>
Comment 7 Michael Saboff 2011-01-17 17:07:29 PST
I am unable to reproduce with either ToT or nightly build with Safari.  Please provide a sample email that will cause the problem.
Comment 8 Alexander Zautke 2011-01-18 07:17:34 PST
For example, I cannot open the e-mail you get from Bugzilla if someone comments on this bug.
Comment 9 Alexey Proskuryakov 2011-01-18 09:05:10 PST
Confirmed with r75891! I forwarded this e-mail to my MobileMe account with Mail.app's Message->Redirect menu item.
Comment 10 Michael Saboff 2011-01-18 10:25:37 PST
Got it! The problem RE is /(([\w\-]+:\/\/?|www[.])[^\s()<>]+(?:([\w\d]+)|([^\[:punct:\]\s()<>\W]|\/)))/.

I have reduced it to: /([^\s]+(?:([\w]+)|([^\W])))/ with the input of:
    "https://bugs.webkit.org/show_bug.cgi?id=52540\n"

The trailing 'n' is needed for the hang.

Debugging now.....
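
Added example, not part of the original bug thread and not WebKit's own test: a Node.js regression check that runs the reduced pattern and input from comment 10 under a time budget, so a regex-engine hang is reported as a timeout instead of pinning the CPU. The names `matchWithBudget` and `checkReducedCase` are hypothetical, the `\n` in the quoted input is assumed to be a newline escape, and using the `vm` module's `timeout` option as the watchdog is a choice made for this example.

```javascript
const vm = require('vm');

// Reduced pattern and input as quoted in comment 10 of this bug.
// Assumption: the "\n" at the end of the quoted input is a newline escape.
const REDUCED_SOURCE = String.raw`([^\s]+(?:([\w]+)|([^\W])))`;
const REDUCED_INPUT = 'https://bugs.webkit.org/show_bug.cgi?id=52540\n';

// Hypothetical helper: run one RegExp exec() in a fresh context with a
// wall-clock budget. A runaway match becomes a 'timeout' result rather
// than an unbounded CPU spin in the calling code.
function matchWithBudget(source, input, budgetMs) {
  const sandbox = { source, input };
  // Serialise inside the context so the caller gets plain data back.
  // Capture groups that did not participate come back as null.
  const script = 'JSON.stringify(new RegExp(source).exec(input))';
  const started = Date.now();
  try {
    const json = vm.runInNewContext(script, sandbox, { timeout: budgetMs });
    return { status: 'ok', groups: JSON.parse(json), ms: Date.now() - started };
  } catch (err) {
    if (err && err.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT') {
      return { status: 'timeout', groups: null, ms: Date.now() - started };
    }
    throw err; // e.g. a syntax error in the pattern
  }
}

// Hypothetical regression check for the reduced case. The greedy [^\s]+
// first consumes the whole URL, both alternatives fail at the newline, and
// the engine must backtrack exactly one character so [\w]+ can take "0".
function checkReducedCase(budgetMs = 1000) {
  const result = matchWithBudget(REDUCED_SOURCE, REDUCED_INPUT, budgetMs);
  const url = REDUCED_INPUT.trimEnd();
  const expected = [url, url, '0', null];
  const pass = result.status === 'ok' &&
    JSON.stringify(result.groups) === JSON.stringify(expected);
  return { ...result, pass };
}

console.log(checkReducedCase());
```

A correct engine returns almost immediately with `pass: true`; a `timeout` status or different capture groups indicates a backtracking defect in the engine under test.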
Comment 11 Michael Saboff 2011-01-18 15:16:35 PST
Created attachment 79342
Patch to attach nested sub parens to outer non-capturing parens

Directly use backtrack label with parentheses nested under a non-capturing parentheses.  Also linked current parentheses tail code object for possible parens nested within a non-capturing parentheses.
Comment 12 Oliver Hunt 2011-01-18 15:22:06 PST
*** Bug 52662 has been marked as a duplicate of this bug. ***
Comment 13 Michael Saboff 2011-01-18 15:31:56 PST
Committed r76076: <http://trac.webkit.org/changeset/76076>