Skip to content

Infinite loop #259

Open
Open
Infinite loop#259
@Eeems

Description

@Eeems
Eeems
opened on Mar 30, 2026

I've been doing some fuzzing of a project where I'm using marko to help handle converting markdown into micron. The fuzzing has helped me find an infinite loop in marko when trying to convert the following string: "-\f-". As I was poking at it, I discovered you can also replicate with "-\r-", but not "-\n-".

This appears to be the common stack trace location when I interrupt after letting it run for a little time:

  File "/var/home/eeems/git/Github/Eeems/git-remote-rns/.venv/lib/python3.11/site-packages/marko/__init__.py", line 114, in convert
    return self.render(self.parse(text))
                       ^^^^^^^^^^^^^^^^
  File "/var/home/eeems/git/Github/Eeems/git-remote-rns/.venv/lib/python3.11/site-packages/marko/__init__.py", line 125, in parse
    return self.parser.parse(text)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/home/eeems/git/Github/Eeems/git-remote-rns/.venv/lib/python3.11/site-packages/marko/parser.py", line 65, in parse
    doc.children = self.parse_source(source)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/home/eeems/git/Github/Eeems/git-remote-rns/.venv/lib/python3.11/site-packages/marko/parser.py", line 75, in parse_source
    if ele_type.match(source):
       ^^^^^^^^^^^^^^^^^^^^^^
  File "/var/home/eeems/git/Github/Eeems/git-remote-rns/.venv/lib/python3.11/site-packages/marko/block.py", line 224, in match
    m = source.expect_re(cls.pattern)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/home/eeems/git/Github/Eeems/git-remote-rns/.venv/lib/python3.11/site-packages/marko/source.py", line 105, in expect_re
    self.prefix, self.next_line(require_prefix=False)  # type: ignore
    ^^^^^^^^^^^
  File "/var/home/eeems/git/Github/Eeems/git-remote-rns/.venv/lib/python3.11/site-packages/marko/source.py", line 72, in prefix
    return "".join(s._prefix for s in self._states)

It seems to me it's because marko is only converting "\r\n" into "\n" as part of marko.source._preprocess_text(). The other underlying issue is likely that marko.parser.Parser.parse_source() doesn't detect when an infinite loop is happening and bail out with an error, or fallback to treating the failing to match source as a paragraph.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions