Merge pull request #669 from Crozzers/fix-em-dos

Fix DoS in GFM emphasis processing (#668)

Author: nicholasserra

lib/markdown2.py

@@ -2574,7 +2574,9 @@ class GFMItalicAndBoldProcessor(Extra):
 
     def run(self, text):
         nesting = True
-        while nesting:
+        orig_text = ""
+        while nesting and orig_text != _hash_text(text):
+            orig_text = _hash_text(text)
             nesting = False
 
             opens = {'*': [], '_': []}

test/test_redos.py

@@ -37,17 +37,23 @@ def issue_633():
     # https://github.com/trentm/python-markdown2/issues/633
     return '<p m="1"' * 2500 + " " * 5000 + "</div"
 
+def issue_668():
+    # https://github.com/trentm/python-markdown2/issues/668
+    # not technically a redos, but still an error that caused a DOS
+    return 'a_b **x***y* c_d'
+
 
 # whack everything in a dict for easy lookup later on
 CASES = {
-    fn.__name__: fn
-    for fn in [
-        pull_387_example_1,
-        pull_387_example_2,
-        pull_387_example_3,
-        pull_402,
-        issue493,
-        issue_633,
+    fn.__name__: (fn, extras)
+    for fn, extras in [
+        (pull_387_example_1, None),
+        (pull_387_example_2, None),
+        (pull_387_example_3, None),
+        (pull_402, None),
+        (issue493, None),
+        (issue_633, None),
+        (issue_668, ['code-friendly']),
     ]
 }
 
@@ -60,7 +66,7 @@ def issue_633():
         sys.path.insert(0, str(LIB_DIR))
         from markdown2 import markdown
 
-        markdown(testcase())
+        markdown(testcase[0](), extras=testcase[1])
         sys.exit(0)
 
     print("-- ReDoS tests")