From 682f3a788102113fdb1927e2b42ef7932106acb2 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 25 Aug 2014 07:29:50 +0000
Subject: [PATCH] uri/common.rb: use negative look-ahead

* lib/uri/common.rb (URI.decode_www_form_component): use negative
  look-ahead instead of nested repeat operators, to get rid of
  backtrack explosion.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47273 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/uri/common.rb       | 2 +-
 test/uri/test_common.rb | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/uri/common.rb b/lib/uri/common.rb
index 6378541cbe..00051a88fa 100644
--- a/lib/uri/common.rb
+++ b/lib/uri/common.rb
@@ -379,7 +379,7 @@ module URI
   #
   # See URI.encode_www_form_component, URI.decode_www_form
   def self.decode_www_form_component(str, enc=Encoding::UTF_8)
-    raise ArgumentError, "invalid %-encoding (#{str})" unless /\A[^%]*(?:%\h\h[^%]*)*\z/ =~ str
+    raise ArgumentError, "invalid %-encoding (#{str})" if /%(?!\h\h)/ =~ str
     str.b.gsub(/\+|%\h\h/, TBLDECWWWCOMP_).force_encoding(enc)
   end
 
diff --git a/test/uri/test_common.rb b/test/uri/test_common.rb
index 7808bcdc3c..24a5325522 100644
--- a/test/uri/test_common.rb
+++ b/test/uri/test_common.rb
@@ -100,6 +100,9 @@ class TestCommon < Test::Unit::TestCase
                  URI.decode_www_form_component("\xE3\x81\x82%E3%81%82".force_encoding("UTF-8")))
 
     assert_raise(ArgumentError){URI.decode_www_form_component("%")}
+    assert_raise(ArgumentError){URI.decode_www_form_component("%a")}
+    assert_raise(ArgumentError){URI.decode_www_form_component("x%a_")}
+    assert_nothing_raised(ArgumentError){URI.decode_www_form_component("x"*(1024*1024))}
   end
 
   def test_encode_www_form