[SERVER-65551] Investigate PCRE2 resource usage limits Created: 13/Apr/22  Updated: 30/Jun/22

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Jennifer Peshansky (Inactive) Assignee: Chris Harris
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

PCRE2 has API functions that allow users to change resource limits at runtime. It might be worthwhile to set these limits lower by default, and create server parameters to allow users to raise them. SECURITY-757 describes potential security risks with leaving these limits high on Atlas Free Tier or Serverless. We should determine default limits that will fill the needs of most users, while limiting the library's resource usage as much as possible.

The limits below, described here, can be set while configuring the library. They are also possible to change at runtime with these functions.
--with-match-limit
--with-heap-limit
--with-match-limit-depth

regex_limits.js tests many of these limits. This capture group limit test case is failing in PCRE2, because the memory usage differs slightly from PCRE. This is what led me to question whether the capture group limit should even be so high that it can hit the MongoDB internal memory limit (or stay just under the limit but run for a really long time and take up a lot of resources).
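
To show what a match limit and a depth limit bound in a backtracking engine, here is an added example that is neither MongoDB nor PCRE2 code: a toy matcher with a call budget and a nesting budget, run on a constructed pattern and subject. The names `rx_match`, `rx_here`, `rx_limits` and `RX_*` are hypothetical.

```c
#include <stdio.h>

/* Toy anchored, full-string backtracking matcher: literals, '.', and 'x*'.
   NOT PCRE2; it only models a match-call budget and a nesting-depth budget. */
enum { RX_MATCH = 1, RX_NOMATCH = 0, RX_ERR_MATCHLIMIT = -1, RX_ERR_DEPTHLIMIT = -2 };

typedef struct {
    unsigned long match_limit;  /* maximum calls to rx_here() */
    unsigned long depth_limit;  /* maximum nesting of rx_here() */
    unsigned long calls;        /* calls used so far */
} rx_limits;

static int rx_here(const char *re, const char *s, rx_limits *lim, unsigned long depth)
{
    if (++lim->calls > lim->match_limit) return RX_ERR_MATCHLIMIT;
    if (depth > lim->depth_limit) return RX_ERR_DEPTHLIMIT;
    if (re[0] == '\0') return *s == '\0' ? RX_MATCH : RX_NOMATCH;
    if (re[1] == '*') {
        const char *t = s;      /* greedy: take all repeats, then back off */
        while (*t != '\0' && (re[0] == '.' || *t == re[0])) t++;
        for (;; t--) {
            int r = rx_here(re + 2, t, lim, depth + 1);
            if (r != RX_NOMATCH) return r;  /* a match or a limit error ends the search */
            if (t == s) return RX_NOMATCH;
        }
    }
    if (*s != '\0' && (re[0] == '.' || re[0] == *s))
        return rx_here(re + 1, s + 1, lim, depth + 1);
    return RX_NOMATCH;
}

int rx_match(const char *re, const char *s, unsigned long match_limit,
             unsigned long depth_limit, unsigned long *calls_used)
{
    rx_limits lim = { match_limit, depth_limit, 0 };
    int r = rx_here(re, s, &lim, 0);
    if (calls_used) *calls_used = lim.calls;
    return r;
}

int main(void)
{
    unsigned long n;
    const char *subj = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";  /* constructed: 30 'a', no 'b' */
    int r = rx_match("a*a*a*a*a*b", subj, 10000UL, 100UL, &n);
    printf("low limit:  result=%d calls=%lu\n", r, n);
    r = rx_match("a*a*a*a*a*b", subj, 10000000UL, 100UL, &n);
    printf("high limit: result=%d calls=%lu\n", r, n);
    return 0;
}
```

With the low budget the pathological pattern stops with an error after a bounded amount of work; with the high budget it runs to a plain no-match at far greater cost.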

