Is my regex catastrophically backtracking?

Question

I use a regex to validate number formats.

[-+]?([0-90-9]+((\,([0-90-9]{2,}))*\,([0-90-9]{3}))*)?(\.[0-90-9]*)?

When I handled a large number of inputs for certain inputs it seems to loop infinitely .I read other answers regarding catastrophic backtracking . But I am a regex newbie and need some help. can you please provide any input that can make this regex catastrophically backtrack . Would be helpful for me to understand .Thanks .It can be a very long input too . I am using Java Pattern and matcher objects.

What are the requirements for the pattern? `[0-90-9]` is certainly not the main problem here, but the nested quantifiers inside groups. — Wiktor Stribiżew, Mar 01 '17 at 11:47
Thanks ,I noticed that , But I would really appreciate if someone can make this regex backtrack infinitely.In that case I can be sure thats the problem — Sainath S.R, Mar 01 '17 at 11:47
@WiktorStribiżew Find me an input which would break this regex ie cause it to loop infinitely — Sainath S.R, Mar 01 '17 at 11:48
This has nothing to do with "infinite loop" _or_ "recursive backtracking"... — Aran-Fey, Mar 01 '17 at 11:48
all of your capturing groups are optional , where using `?` or `*` and if you want to validate input, add `^...$` warapper @SainathS.R — MohaMad, Mar 01 '17 at 11:56

score 1 · Accepted Answer · answered Mar 01 '17 at 12:06

1

Yes, this regex is prone to catastrophic backtracking. Specifically, this segment:

((\,([0-9]{2,}))*\,([0-9]{3}))*

For reference, this has a structure of the form

((,d)*,d)*

which, simplified, is essentially (d+)*.

Strings like

1,111,111,111,111,111,111,111,111,111,111,111,111,111,11.

will therefore cause catastrophic backtracking.

answered Mar 01 '17 at 12:06

Aran-Fey

39,665
11
104
149

That string ran fine :( – Sainath S.R Mar 01 '17 at 12:11
1

Note that this is only an issue in an anchored context, e.g. `.matches` – Sebastian Proske Mar 01 '17 at 12:12
@SainathS.R Then make it longer. – Aran-Fey Mar 01 '17 at 12:14
@SebastianProske Can you elaborate? – Sainath S.R Mar 01 '17 at 12:14
@Rawing I made it very long ,still terminated in reasonable time – Sainath S.R Mar 01 '17 at 12:17
@SainathS.R Make sure it's anchored: `^[-+]?([0-90-9]+((\,([0-90-9]{2,}))*\,([0-90-9]{3}))*)?(\.[0-90-9]*)?$` – Aran-Fey Mar 01 '17 at 12:20

MohaMad · Answer 2 · 2017-03-01T12:01:25.440

0

To validate your input string use this one:

^[-+]?(\d+((\,(\d{2,}))*\,(\d{3}))*)?(\.\d*)?$

As I've wrote in comments:

all of your capturing groups are optional , where using ? or * and if you want to validate input, add ^...$ wrapper

Have a look at right side bar of https://regex101.com/r/eM7OFj/1 titled by MATCH INFORMATION

edited Mar 01 '17 at 12:01

answered Mar 01 '17 at 11:58

MohaMad

2,575
2
14
26

Thank you , I know the pattern can be changed to something better but I would like to know any sample input which can cause this pattern to run indefinitely . – Sainath S.R Mar 01 '17 at 12:01
Your pattern runs for each Character in the input text. Note to use ^ $ – MohaMad Mar 01 '17 at 12:02
`Test your regex` has 16 matched null string @SainathS.R – MohaMad Mar 01 '17 at 12:03

Is my regex catastrophically backtracking?

2 Answers2