Discourse reopens all tabs... to the wrong topic after Discourse crash (server error 500)



  • Continuing the discussion from Large post breaks Discourse:

    @Matches said:

    You can force an internal server error 500 by spamming [[...\]] (and variations thereof)

    This may not be limited to just an error 500, but that's my repro.

    General string that caused the original crash: (Several thousand pastes of:
    [[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]][..\]][[\[[\\[\...\...]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

    It opened up 5 tabs to the same topic (the first topic I had open) instead of reopening all of my various topics.



  • I wonder if it's using regexes to try to parse the lists that you're trying to make there, in which case, ReDoS is your friend.



  • Now there's something I haven't seen anyone try yet:

    Anyone up to trying to create a DoS attack using regex + Discourse parser?



  • I'd say you already did. ;)



  • Mine was too fat to get into the post chain. I want something that, when somebody goes to quote it, Discourse goes down :D

    (Say, 25 characters max for bonus points?)


  • Banned

    "reopening tabs" is a browser function, not a Discourse function. And URLs are all set when the page is rendered, so.. I don't know what this is, but it is not our bug.



  • How about the server dumping an HTTP 500 error? Is that not your bug?

    I could imagine weirdness happening when unexpected server states occur.



  • It's fine not to be your bug. It only happens exclusively on your software which is designed to break just about every 'normal' browser behavior, the other 8 tabs loaded correctly.

    But it's cool, it's just me. I wasn't reading those tabs anyway.



  • No, it's not fine in my book. "Not my bug" is only fine if you completely rule it out and that has not yet been done.

    If the server vomits up a 500 and shit goes crazy, you have two problems: 1. that you created a 500 in the first place and 2. you're not coping with receiving a 500.


  • BINNED

    All I can think of is Discourse likely doing this:



  • Pretty much.

    Also.... OOO, Discourse now tells me 58 minutes to wait before I can like something.

    @codinghorror @sam Whatever logic you guys have on rate limiting, when telling the user how many hours, please round up, kthx. Telling me it's 3 hours when it's just shy of 4 hours is not clever.



  • That's actually more entertaining than what Discourse is doing. My cats do this more than my dog, but I always am pleased to see them twirl about.


  • Banned

    @Matches said:

    Anyone up to trying to create a DoS attack using regex + discourse parser?

    Unlikely to work, we have timeouts on the JS parts, if markdown baking is taking longer than N we just stop it. Plus there are rate limits.


  • Banned

    There were definitely a bunch of errors in the logs 3 hours ago, we did an upgrade during that time and got a bunch of, for a few secs after upgrade.

    PG::Error: ERROR:  cached plan must not change result type
    : SELECT  "posts".* FROM "posts"  WHERE ("posts"."deleted_at" IS NULL) AND "posts"."topic_id" = $1  ORDER BY post_number ASC LIMIT 
    

    Seems likely to be related.


  • Banned

