[#14318] CSS Parser 100% CPU usage
Summary CSS Parser 100% CPU usage
Queue Horde Framework Packages
Type Bug
State Resolved
Priority 2. Medium
Owners jan (at) horde (dot) org
Requester azurit (at) pobox (dot) sk
Created 04/06/2016 (3375 days ago)
Due
Updated 04/08/2016 (3373 days ago)
Assigned 04/06/2016 (3375 days ago)
Resolved 04/07/2016 (3374 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
04/08/2016 02:22:36 PM Git Commit Comment #15
Changes have been made in Git (master):

commit e02440a4ad7932b0c02437e602005b9522d0478d
Author: Jan Schneider <jan@horde.org>
Date:   Thu Apr 7 15:21:34 2016 +0200

     Add a test for bug #14318.

  .../test/Horde/Css/Parser/ParserTest.php           |    8 ++++++++
  1 files changed, 8 insertions(+), 0 deletions(-)

http://github.com/horde/horde/commit/e02440a4ad7932b0c02437e602005b9522d0478d
04/07/2016 01:23:54 PM azurit (at) pobox (dot) sk Comment #14
Thank you!
04/07/2016 01:21:47 PM Jan Schneider Assigned to Jan Schneider
State ⇒ Resolved
 
04/07/2016 01:17:10 PM Git Commit Comment #13
Changes have been made in Git (master):

commit c462001168dc27dc786d9dacf244feb06cf33087
Author: Jan Schneider <jan@horde.org>
Date:   Thu Apr 7 15:16:51 2016 +0200

     [jan] Fix upstream regression causing infinite loops with empty CSS documents (Bug #14318).

  framework/Css_Parser/lib/Horde/Css/Parser.php |    5 +++++
  framework/Css_Parser/package.xml              |    4 ++--
  2 files changed, 7 insertions(+), 2 deletions(-)

http://github.com/horde/horde/commit/c462001168dc27dc786d9dacf244feb06cf33087
04/07/2016 12:53:13 PM azurit (at) pobox (dot) sk Comment #12
Sorry, but I don't know what you mean. The bug is present as I described it.
04/07/2016 12:44:17 PM Jan Schneider Comment #11
This empty style tag is already stripped off here. Probably through tidy.
04/06/2016 09:16:30 PM azurit (at) pobox (dot) sk Comment #10
Also this helps (but don't forget to remove 3 characters somewhere from body):
<style type="text/css">aaa</style>

The problem is with empty <style> tag.
04/06/2016 09:11:40 PM azurit (at) pobox (dot) sk Comment #9
I tried to replace this:
<style type="text/css"></style>

with this (so message size will remain the same):
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

and problem was gone for this message.
04/06/2016 09:06:00 PM azurit (at) pobox (dot) sk Comment #8
Debian Wheezy, PHP 5.6.20 (from dotdeb.org), all Horde packages on newest stable versions.
04/06/2016 09:04:02 PM azurit (at) pobox (dot) sk Comment #7
I'm able to 100% reproduce it with that message. This is related to CSS:
<style type="text/css"></style>
04/06/2016 08:04:39 PM Jan Schneider Comment #6
Still cannot reproduce and it wouldn't have made any sense anyway, 
since the message didn't contain any CSS at all.
04/06/2016 08:03:42 PM Jan Schneider Deleted Original Message
 
04/06/2016 04:53:07 PM azurit (at) pobox (dot) sk Comment #5
New Attachment: 1459524260.M13375P28515.server00,S=5616,W=5735:2,S
Got it! Pls remove it from ticket after you download it, thank you.
04/06/2016 02:53:27 PM azurit (at) pobox (dot) sk Comment #4
Any idea how to find such a message? It was triggered by our users (who probably don't know that something like this happened).
04/06/2016 02:42:44 PM Jan Schneider Comment #3
State ⇒ Feedback
Can you provide an example (HTML) message that triggers this?
04/06/2016 01:17:55 PM Michael Rubinsky Comment #2
Priority ⇒ 2. Medium
See also Ticket: 14317
04/06/2016 12:57:38 PM azurit (at) pobox (dot) sk Comment #1
Priority ⇒ 3. High
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Summary ⇒ CSS Parser 100% CPU usage
Type ⇒ Bug
Queue ⇒ Horde Framework Packages
After the upgrade to 1.0.9, Horde_CSS_Parser started to take 100% CPU in some cases, possibly causing a DoS (when max_execution_time is disabled):

2016-04-06T14:23:09+02:00 EMERG: HORDE [imp] Maximum execution time of
120 seconds exceeded [pid 20629 on line 578 of
"/usr/share/php/Horde/Css/Parser/vendor/sabberworm/php-css-parser/lib/Sabberworm/CSS/Parser.php"]

2016-04-06T14:23:08+02:00 EMERG: HORDE [imp] Maximum execution time of
120 seconds exceeded [pid 20617 on line 18 of
"/usr/share/php/Horde/Css/Parser/vendor/sabberworm/php-css-parser/lib/Sabberworm/CSS/Parsing/UnexpectedTokenException.php"]

  2016-04-06T14:34:29+02:00 EMERG: HORDE [imp] Maximum execution time of
120 seconds exceeded [pid 7743 on line 96 of
"/usr/share/php/Horde/Css/Parser/vendor/sabberworm/php-css-parser/lib/Sabberworm/CSS/Parser.php"]

Downgrading to 1.0.8 seems to fix the problem.
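
An added example, not part of the ticket and not Horde code: one way to answer the question in comment #4, by scanning stored mail for the empty <style> element that comments #7 to #10 identify as the trigger. It decodes each text/html part first, since a plain text search of the raw files misses base64 or quoted-printable bodies. Assumptions: mail is stored as a Maildir with cur/ and new/ directories, whitespace-only elements count as empty, and all function names are hypothetical.

```python
import re
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import Path

# <style> element with no content. Counting whitespace-only content as
# empty is an assumption of this example.
EMPTY_STYLE = re.compile(r"<style\b[^>]*>\s*</style\s*>", re.IGNORECASE)


def count_empty_style(raw: bytes) -> int:
    """Count empty <style> elements in the decoded text/html parts of a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    total = 0
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        try:
            html = part.get_content()  # undoes base64/quoted-printable and charset
        except (LookupError, UnicodeError):
            # Unknown or broken charset: fall back to a lossless byte mapping.
            html = (part.get_payload(decode=True) or b"").decode("latin-1")
        total += len(EMPTY_STYLE.findall(html))
    return total


def scan_maildir(root: str) -> list[str]:
    """Return paths of messages under root/cur and root/new that match."""
    hits = []
    for sub in ("cur", "new"):
        for path in sorted(Path(root, sub).glob("*")):
            if path.is_file() and count_empty_style(path.read_bytes()) > 0:
                hits.append(str(path))
    return hits


def constructed_message(html: str) -> bytes:
    """Constructed sample: multipart mail whose HTML part is base64-encoded."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("plain text body")
    m.add_alternative(html, subtype="html", cte="base64")
    return m.as_bytes()


if __name__ == "__main__":
    for maildir in sys.argv[1:]:  # e.g. python scan.py /path/to/Maildir
        print("\n".join(scan_maildir(maildir)))
```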
